Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
business-premium | M365bp Admin Guide | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-admin-guide.md | - Title: "Tenant administration guide for Microsoft 365 Business Premium"-- NOCSH------ Previously updated : 05/08/2023--- m365solution-smb-- highpri-- m365-security-- tier2--- MiniMaven-- BCS160-- MET150 -description: "Get an overview of tasks your administrators perform to maintain your Microsoft 365 Business Premium subscription." ---# Microsoft 365 Business Premium tenant administration guide --Maintaining your Microsoft 365 Business Premium environment includes managing user accounts, managing devices, and keeping things up to date and working correctly. Use this article as an admin guide for your organization. --Many admin tasks can be performed in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)), although some tasks, such as adding/removing devices, can be performed in other portals (such as the Microsoft 365 Defender portal or the Microsoft Intune admin center). --If you're new to Microsoft 365, take a moment to get an [Overview of the Microsoft 365 admin center](../admin/admin-overview/admin-center-overview.md). 
--## General tasks --| Task | Resources to learn more | -|:|:| -| Get started using the Microsoft 365 admin center | [Overview of the Microsoft 365 admin center](../admin/admin-overview/admin-center-overview.md) | -| Learn about new features in the Microsoft 365 admin center | [What's new in the Microsoft 365 admin center](../admin/whats-new-in-preview.md) | -| Find out about new product updates and features so you can help prepare users | [Stay on top of Microsoft 365 product and feature changes](../admin/manage/stay-on-top-of-updates.md) | -| View usage reports to see how people are using Microsoft 365 | [Microsoft 365 Reports in the admin center](../admin/activity-reports/activity-reports.md) | -| Open a technical support ticket | [Get support for Microsoft 365 for business](../admin/get-help-support.md) | --## Users, groups, and passwords --| Task | Resources to learn more | -|:|:| -| Add a new user | [Add a new employee to Microsoft 365](../admin/add-users/add-new-employee.md) | -| Assign licenses to users | [Assign Microsoft 365 licenses to users in the Microsoft 365 admin center](../admin/manage/assign-licenses-to-users.md) <br/><br/>[Assign Microsoft 365 licenses to user accounts by using PowerShell](../enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell.md) | -| Assign admin roles to people who need admin permissions | [Assign admin roles in the Microsoft 365 admin center](../admin/add-users/assign-admin-roles.md) <br/><br/>[Assign admin roles to Microsoft 365 user accounts with PowerShell](../enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md)| -| Remove licenses from users | [Unassign Microsoft 365 licenses from users in the Microsoft 365 admin center](../admin/manage/remove-licenses-from-users.md)<br/><br/>[Remove Microsoft 365 licenses from user accounts with PowerShell](../enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell.md) | -| Turn pronouns on or off | [Turn pronouns on or off 
for your organization in the Microsoft 365 admin center](../admin/add-users/turn-pronouns-on-or-off.md) | -| Determine whether to allow guest access to groups for their whole organization or for individual groups | [Guest users in Microsoft 365 admin center](../admin/add-users/about-guest-users.md) | -| Remove a user account when someone leaves your organization | [Overview: Remove a former employee and secure data](../admin/add-users/remove-former-employee.md) | -| Reset passwords for user accounts | [Reset passwords in Microsoft 365 for business](../admin/add-users/reset-passwords.md) | --## Email and calendars --| Task | Resources to learn more | -|:|:| -| Migrate email and contacts from Gmail or another email provider to Microsoft 365 | [Migrate email and contacts to Microsoft 365](../admin/setup/migrate-email-and-contacts-admin.md) | -| Add an email signature, legal disclaimer, or disclosure statement to email messages that come in or go out | [Create organization-wide signatures and disclaimers](../admin/setup/create-signatures-and-disclaimers.md) | -| Set up, edit, or delete a security group | [Create, edit, or delete a security group in the Microsoft 365 admin center](../admin/email/create-edit-or-delete-a-security-group.md) | -| Add users to a distribution group | [Add a user or contact to a Microsoft 365 distribution group](../admin/email/add-user-or-contact-to-distribution-list.md) | -| Set up a shared mailbox so people can monitor and send email from a common email addresses, like `info@contoso.com` | [Create a shared mailbox](../admin/email/create-a-shared-mailbox.md) | --## Devices --| Task | Resources to learn more | -|:|:| -| Use Windows Autopilot to set up and pre-configure new devices or to to reset, repurpose, and recover devices | [Overview of Windows Autopilot](/mem/autopilot/windows-autopilot) | -| View current status of and manage devices | [Manage devices in Microsoft Defender for 
Business](../security/defender-business/mdb-manage-devices.md) | -| Onboard devices to Defender for Business | [Onboard devices to Defender for Business](../security/defender-business/mdb-onboard-devices.md) | -| Offboard devices from Defender for Business | [Offboard a device from Defender for Business](../security/defender-business/mdb-offboard-devices.md) | -| Manage devices with Intune | [What does device management with Intune mean?](/mem/intune/fundamentals/what-is-device-management)<br/><br/>[Manage your devices and control device features in Microsoft Intune](/mem/intune/fundamentals/manage-devices) | ---## Domains --| Task | Resources to learn more | -|:|:| -| Add a domain (like contoso.com) to your Microsoft 365 subscription | [Add a domain to Microsoft 365](../admin/setup/add-domain.md) | -| Buy a domain | [Buy a domain name](../admin/get-help-with-domains/buy-a-domain-name.md) | -| Remove a domain | [Remove a domain](../admin/get-help-with-domains/remove-a-domain.md) | --## Subscriptions and billing --| Task | Resources to learn more | -|:|:| -| View your bill or invoice | [View your Microsoft 365 for business subscription bill or invoice](../commerce/billing-and-payments/view-your-bill-or-invoice.md) | -| Manage your payment methods | [Manage payment methods](../commerce/billing-and-payments/manage-payment-methods.md) | -| Change the frequency of your payments | [Change your Microsoft 365 subscription billing frequency](../commerce/billing-and-payments/change-payment-frequency.md) | -| Change your billing address | [Change your Microsoft 365 for business billing addresses](../commerce/billing-and-payments/change-your-billing-addresses.md) | --## See also --- [Microsoft 365 admin center help](../admin/index.yml)-- [Secure your data with Microsoft 365 for business](secure-your-business-data.md)-- [Microsoft 365 Business Premium security operations guide](m365bp-security-operations-guide.md)-- [Microsoft 365 Business Premium security administration 
guide](m365bp-security-admin-guide.md) |
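Review bot: two typos in this removed page, "or to to reset" in the Devices table and "a common email addresses" in the Email and calendars table, reappear verbatim in the added m365bp-mdb-maintain-environment.md, so the move carries them forward. Correct both in the new file ("or to reset", "a common email address") rather than copying the tables unchanged.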
business-premium | M365bp Device Groups Mdb | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-device-groups-mdb.md | After choosing a category, the device is automatically added to the correspondin ## Next steps -Now that you've completed your primary missions, take time to set up your [response teams](m365bp-security-incident-management.md) and [maintain your environment](m365bp-maintain-environment.md). +Now that you've completed your primary missions, take time to set up your [response teams](m365bp-security-incident-management.md) and [maintain your environment](m365bp-mdb-maintain-environment.md). |
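Review bot: in the "Next steps" sentence only the link target changes, and the old target m365bp-maintain-environment.md is deleted in the same batch, so any other article still linking to the old filename will break. The visible lines show neither a redirect nor the other link updates; search the repo for remaining references to m365bp-maintain-environment.md and add a redirect entry for it.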
business-premium | M365bp Maintain Environment | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-maintain-environment.md | - Title: "Maintain your environment"-- NOCSH------ Previously updated : 05/11/2023--- M365-Campaigns-- m365solution-smb-- highpri-- m365-security-- tier1--- MiniMaven-- BCS160-- MET150 -description: "Maintain your systems, user accounts, and policies to help protect against cyberattacks." ---# Maintain your environment --The [missions](index.md) that were completed during the setup and configuration process focused on setting up your subscription, user accounts, and devices, as well as securing users, devices, and data. Now, you can put together plans for administration and security operations. --| Area | Description | -||| -| Microsoft 365 administration<br/>(*tenant administration*) | Microsoft 365 administration includes tasks that your administrators (also referred to as *admins*) perform in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)) (and potentially other admin centers, such as the Exchange admin center). <br/><br/>As new employees come in and other employees leave, it's important to manage user accounts and devices. Your admins can add or remove users, reset passwords, reset devices to factory settings, and more. These kinds of tasks (and more!) are listed in the [Microsoft 365 Business Premium tenant administration guide](m365bp-admin-guide.md). 
| -| Security administration | Security administration includes tasks that your security administrators (also referred to as *security admins*) perform in portals, such as: <br/>- The Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)) <br/>- The Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com))<br/>- The Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com))<br/><br/>These kinds of tasks include defining or editing security policies, onboarding or offboarding devices, and so forth, and are listed in the [Microsoft 365 Business Premium security admin guide](m365bp-security-admin-guide.md). | -| Security operations | Security operations (also referred to as *SecOps*) and includes tasks that your security team performs in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). <br/><br/>As threats are detected, those threats must be reviewed and addressed. Regular antivirus scans should occur on devices, and you can initiate scans when needed. In addition, you can run automated investigations on devices that have a high risk level or detected threats. These kinds of security tasks (and more!) are listed in the [Microsoft 365 Business Premium security operations guide](m365bp-security-operations-guide.md). | ---## See also --[Security incident management](m365bp-security-incident-management.md) |
business-premium | M365bp Mdb Maintain Environment | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-mdb-maintain-environment.md | + + Title: "Maintain your environment" +f1.keywords: +- NOCSH ++++audience: Admin +++ Last updated : 06/29/2023+ms.localizationpriority: medium ++- M365-Campaigns +- m365solution-smb +- highpri +- m365-security +- tier1 ++- MiniMaven +search.appverid: +- BCS160 +- MET150 +description: "Maintain your systems, devices, user accounts, and security policies to help protect against cyberattacks." +++# Maintain your environment ++After you have set up and configured [Microsoft 365 Business Premium](index.md) or [Microsoft Defender for Business](../security/defender-business/mdb-overview.md) (standalone), your next step is to prepare a plan for maintenance and operations. You can use this article as a guide to prepare your plan. ++- **[Microsoft 365 administration](#tenant-administration)** (also referred to as *tenant administration*) includes tasks that your administrators (also referred to as *admins*) perform, such as adding or removing users, resetting passwords, resetting devices to factory settings, and more. These kinds of tasks (and more!) are listed in [Tenant administration](#tenant-administration). ++- **[Security administration](#security-administration)** includes tasks that your security administrators (also referred to as *security admins*) perform, such as defining or editing security policies, onboarding or offboarding devices, and more. These kinds of tasks are listed in [Security administration](#security-administration). ++- **[Security operations](#security-operations)** (also referred to as *SecOps*) includes tasks that your security team performs, such as reviewing and addressing detected threats, running antivirus scans on devices, starting automated investigations, and more. These kinds of tasks are listed in [Security operations](#security-operations). 
++In each section, select the tab that corresponds to your subscription. ++## Tenant administration ++## [**Microsoft 365 Business Premium**](#tab/M365BP) ++Maintaining your Microsoft 365 Business Premium environment includes managing user accounts, managing devices, and keeping things up to date and working correctly. Use this article as an admin guide for your organization. ++Many admin tasks can be performed in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)), although some tasks, such as adding/removing devices, can be performed in other portals (such as the Microsoft 365 Defender portal or the Microsoft Intune admin center). ++If you're new to Microsoft 365, take a moment to get an [Overview of the Microsoft 365 admin center](../admin/admin-overview/admin-center-overview.md). ++### General tasks ++| Task | Resources to learn more | +|:|:| +| Get started using the Microsoft 365 admin center | [Overview of the Microsoft 365 admin center](../admin/admin-overview/admin-center-overview.md) | +| Learn about new features in the Microsoft 365 admin center | [What's new in the Microsoft 365 admin center](../admin/whats-new-in-preview.md) | +| Find out about new product updates and features so you can help prepare users | [Stay on top of Microsoft 365 product and feature changes](../admin/manage/stay-on-top-of-updates.md) | +| View usage reports to see how people are using Microsoft 365 | [Microsoft 365 Reports in the admin center](../admin/activity-reports/activity-reports.md) | +| Open a technical support ticket | [Get support for Microsoft 365 for business](../admin/get-help-support.md) | ++### Users, groups, and passwords ++| Task | Resources to learn more | +|:|:| +| Add a new user | [Add a new employee to Microsoft 365](../admin/add-users/add-new-employee.md) | +| Assign licenses to users | [Assign Microsoft 365 licenses to users in the Microsoft 365 admin center](../admin/manage/assign-licenses-to-users.md) 
<br/><br/>[Assign Microsoft 365 licenses to user accounts by using PowerShell](../enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell.md) | +| Assign admin roles to people who need admin permissions | [Assign admin roles in the Microsoft 365 admin center](../admin/add-users/assign-admin-roles.md) <br/><br/>[Assign admin roles to Microsoft 365 user accounts with PowerShell](../enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md)| +| Remove licenses from users | [Unassign Microsoft 365 licenses from users in the Microsoft 365 admin center](../admin/manage/remove-licenses-from-users.md)<br/><br/>[Remove Microsoft 365 licenses from user accounts with PowerShell](../enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell.md) | +| Turn pronouns on or off | [Turn pronouns on or off for your organization in the Microsoft 365 admin center](../admin/add-users/turn-pronouns-on-or-off.md) | +| Determine whether to allow guest access to groups for their whole organization or for individual groups | [Guest users in Microsoft 365 admin center](../admin/add-users/about-guest-users.md) | +| Remove a user account when someone leaves your organization | [Overview: Remove a former employee and secure data](../admin/add-users/remove-former-employee.md) | +| Reset passwords for user accounts | [Reset passwords in Microsoft 365 for business](../admin/add-users/reset-passwords.md) | ++### Email and calendars ++| Task | Resources to learn more | +|:|:| +| Migrate email and contacts from Gmail or another email provider to Microsoft 365 | [Migrate email and contacts to Microsoft 365](../admin/setup/migrate-email-and-contacts-admin.md) | +| Add an email signature, legal disclaimer, or disclosure statement to email messages that come in or go out | [Create organization-wide signatures and disclaimers](../admin/setup/create-signatures-and-disclaimers.md) | +| Set up, edit, or delete a security group | [Create, edit, or delete a 
security group in the Microsoft 365 admin center](../admin/email/create-edit-or-delete-a-security-group.md) | +| Add users to a distribution group | [Add a user or contact to a Microsoft 365 distribution group](../admin/email/add-user-or-contact-to-distribution-list.md) | +| Set up a shared mailbox so people can monitor and send email from a common email addresses, like `info@contoso.com` | [Create a shared mailbox](../admin/email/create-a-shared-mailbox.md) | ++### Devices ++| Task | Resources to learn more | +|:|:| +| Use Windows Autopilot to set up and pre-configure new devices or to to reset, repurpose, and recover devices | [Overview of Windows Autopilot](/mem/autopilot/windows-autopilot) | +| View current status of and manage devices | [Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md) | +| Onboard devices to Defender for Business | [Onboard devices to Defender for Business](../security/defender-business/mdb-onboard-devices.md) | +| Offboard devices from Defender for Business | [Offboard a device from Defender for Business](../security/defender-business/mdb-offboard-devices.md) | +| Manage devices with Intune | [What does device management with Intune mean?](/mem/intune/fundamentals/what-is-device-management)<br/><br/>[Manage your devices and control device features in Microsoft Intune](/mem/intune/fundamentals/manage-devices) | ++### Domains ++| Task | Resources to learn more | +|:|:| +| Add a domain (like contoso.com) to your Microsoft 365 subscription | [Add a domain to Microsoft 365](../admin/setup/add-domain.md) | +| Buy a domain | [Buy a domain name](../admin/get-help-with-domains/buy-a-domain-name.md) | +| Remove a domain | [Remove a domain](../admin/get-help-with-domains/remove-a-domain.md) | ++### Subscriptions and billing ++| Task | Resources to learn more | +|:|:| +| View your bill or invoice | [View your Microsoft 365 for business subscription bill or 
invoice](../commerce/billing-and-payments/view-your-bill-or-invoice.md) | +| Manage your payment methods | [Manage payment methods](../commerce/billing-and-payments/manage-payment-methods.md) | +| Change the frequency of your payments | [Change your Microsoft 365 subscription billing frequency](../commerce/billing-and-payments/change-payment-frequency.md) | +| Change your billing address | [Change your Microsoft 365 for business billing addresses](../commerce/billing-and-payments/change-your-billing-addresses.md) | ++## [**Defender for Business**](#tab/MDB) ++Maintaining your Defender for Business environment includes managing user accounts, managing devices, and keeping things up to date and working correctly. Use this article as an admin guide for your organization. ++Many admin tasks can be performed in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)), although some tasks, such as adding/removing devices, can be performed in other portals (such as the Microsoft 365 Defender portal or the Microsoft Intune admin center). ++If you're new to Microsoft 365, take a moment to get an [Overview of the Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview). 
++### General tasks ++| Task | Resources to learn more | +|:|:| +| Get started using the Microsoft 365 admin center | [Overview of the Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview) | +| Learn about new features in the Microsoft 365 admin center | [What's new in the Microsoft 365 admin center](/microsoft-365/admin/whats-new-in-preview) | +| Find out about new product updates and features so you can help prepare users | [Stay on top of Microsoft 365 product and feature changes](/microsoft-365/admin/manage/stay-on-top-of-updates) | +| View usage reports to see how people are using Microsoft 365 | [Microsoft 365 Reports in the admin center](/microsoft-365/admin/activity-reports/activity-reports) | +| Open a technical support ticket | [Get support for Microsoft 365 for business](/microsoft-365/admin/get-help-support) | ++### Users, groups, and passwords ++| Task | Resources to learn more | +|:|:| +| Add a new user | [Add a new employee to Microsoft 365](/microsoft-365/admin/add-users/add-new-employee) | +| Assign licenses to users | [Assign Microsoft 365 licenses to users in the Microsoft 365 admin center](/microsoft-365/admin/manage/assign-licenses-to-users) <br/>[Assign Microsoft 365 licenses to user accounts by using PowerShell](/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell) | +| Assign admin roles to people who need admin permissions | [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles) <br/>[Assign admin roles to Microsoft 365 user accounts with PowerShell](/microsoft-365/enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell)| +| Remove licenses from users | [Unassign Microsoft 365 licenses from users in the Microsoft 365 admin center](/microsoft-365/admin/manage/remove-licenses-from-users)<br/>[Remove Microsoft 365 licenses from user accounts with 
PowerShell](/microsoft-365/enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell) | +| Remove a user account when someone leaves your organization | [Overview: Remove a former employee and secure data](/microsoft-365/admin/add-users/remove-former-employee) | +| Reset passwords for user accounts | [Reset passwords in Microsoft 365 for business](/microsoft-365/admin/add-users/reset-passwords) | ++### Devices ++| Task | Resources to learn more | +|:|:| +| View current status of and manage devices | [Manage devices in Defender for Business](../security/defender-business/mdb-manage-devices.md) | +| Onboard devices to Defender for Business | [Onboard devices to Defender for Business](../security/defender-business/mdb-onboard-devices.md) | +| Offboard devices from Defender for Business | [Offboard a device from Defender for Business](../security/defender-business/mdb-offboard-devices.md) | +| Manage devices with Intune | [What does device management with Intune mean?](/mem/intune/fundamentals/what-is-device-management)<br/>[Manage your devices and control device features in Microsoft Intune](/mem/intune/fundamentals/manage-devices) | ++### Subscriptions and billing ++| Task | Resources to learn more | +|:|:| +| View your bill or invoice | [View your Microsoft 365 for business subscription bill or invoice](/microsoft-365//commerce/billing-and-payments/view-your-bill-or-invoice) | +| Manage your payment methods | [Manage payment methods](/microsoft-365/commerce/billing-and-payments/manage-payment-methods) | +| Change the frequency of your payments | [Change your Microsoft 365 subscription billing frequency](/microsoft-365/commerce/billing-and-payments/change-payment-frequency) | +| Change your billing address | [Change your Microsoft 365 for business billing addresses](/microsoft-365/commerce/billing-and-payments/change-your-billing-addresses) | +| Upgrade your subscription | [Try or buy Microsoft 365 Business 
Premium](m365-business-premium-setup.md#sign-up-for-microsoft-365-business-premium) | +| Add Microsoft Intune to your subscription<br/>(for additional security capabilities) | [Get an overview of Intune](/mem/intune/fundamentals/what-is-intune) <br/>[Microsoft Intune Plans and Pricing](https://www.microsoft.com/en-us/security/business/microsoft-intune-pricing) | +| Try Defender for Office 365 <br/>(to protect email and collaboration content) | [Try Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/try-microsoft-defender-for-office-365) | ++++## Security administration ++## [**Microsoft 365 Business Premium**](#tab/M365BP) ++Security administrators (also referred to as *security admins*) perform various tasks, such as: ++- Defining or editing security policies +- Onboarding or offboarding devices +- Taking steps to protect high-risk user accounts or devices ++The following table lists common tasks that security admins typically perform, with links to more detailed information. ++| Task | Description | +||| +| **Manage false positives/negatives** | A false positive is an entity, such as a file or a process that was detected and identified as malicious even though the entity isn't actually a threat. A false negative is an entity that wasn't detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including Microsoft Defender for Office 365 and Microsoft Defender for Business, which are both included in Microsoft 365 Business Premium. Fortunately, steps can be taken to address and reduce these kinds of issues. 
<br/><br/>For false positives/negatives on devices, see [Address false positives/negatives in Microsoft Defender for Endpoint](../security/defender-endpoint/defender-endpoint-false-positives-negatives.md).<br/><br/>For false positives/negatives in email, see the following articles: <br/>- [How to handle malicious emails that are delivered to recipients (False Negatives), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365)<br/>- [How to handle Legitimate emails getting blocked (False Positive), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365) | +| **Strengthen your security posture** | Defender for Business includes a vulnerability management dashboard that provides you with exposure score and enables you to view information about exposed devices and see relevant security recommendations. You can use your Defender Vulnerability Management dashboard to reduce exposure and improve your organization's security posture. <br/><br/>See the following articles:<br/>- [Use your vulnerability management dashboard in Microsoft Defender for Business](../security/defender-business/mdb-view-tvm-dashboard.md)<br/>- [Dashboard insights](../security/defender-vulnerability-management/tvm-dashboard-insights.md) | +| **Adjust security policies** | [Reports](../security/defender-business/mdb-reports.md) are available so that you can view information about detected threats, device status, and more. Sometimes it's necessary to adjust your security policies. For example, you might apply strict protection to some user accounts or devices, and standard protection to others. 
<br/><br/>See the following articles: <br/>- For device protection: [View or edit policies in Microsoft Defender for Business](../security/defender-business/mdb-view-edit-create-policies.md) <br/>- For email protection: [Recommended settings for EOP and Microsoft Defender for Office 365 security](../security/office-365-security/recommended-settings-for-eop-and-office365.md) | +| **Analyze admin submissions** | Sometimes it's necessary to submit entities, such as email messages, URLs, or attachments to Microsoft for further analysis. Reporting items can help reduce the occurrence of false positives/negatives and improve threat detection accuracy. <br/><br/>See the following articles: <br/>- [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](../security/office-365-security/submissions-admin.md)<br/>- [Admin review for user reported messages](../security/office-365-security/submissions-admin-review-user-reported-messages.md) | +| **Protect priority user accounts** | Not all user accounts have access to the same company information. Some accounts have access to sensitive information, such as financial data, product development information, partner access to critical build systems, and more. If compromised, accounts that have access to highly confidential information pose a serious threat. We call these types of accounts priority accounts. 
Priority accounts include (but aren't limited to) CEOs, CISOs, CFOs, infrastructure admin accounts, build system accounts, and more.<br/><br/>See the following articles: <br/>- [Protect your administrator accounts](m365bp-protect-admin-accounts.md) <br/>- [Security recommendations for priority accounts in Microsoft 365](../security/office-365-security/priority-accounts-security-recommendations.md) | +| **Protect high-risk devices** | The overall risk assessment of a device is based on a combination of factors, such as the types and severity of active alerts on the device. As your security team resolves active alerts, approves remediation activities, and suppresses subsequent alerts, the risk level decreases. <br/><br/>See [Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md). | +| **Onboard or offboard devices** | As devices are replaced or retired, new devices are purchased, or your business needs change, you can onboard or offboard devices from Defender for Business. <br/><br/>See the following articles: <br/>- [Onboard devices to Microsoft Defender for Business](../security/defender-business/mdb-onboard-devices.md) <br/>- [Offboard a device from Microsoft Defender for Business](../security/defender-business/mdb-offboard-devices.md) | ++## [**Defender for Business**](#tab/MDB) ++Security administrators (also referred to as *security admins*) perform various tasks, such as: ++- Defining or editing security policies +- Onboarding or offboarding devices +- Taking steps to protect high-risk user accounts or devices ++The following table lists common tasks that security admins typically perform, with links to more detailed information. ++| Task | Description | +||| +| **Manage false positives/negatives** | A false positive is an entity, such as a file or a process that was detected and identified as malicious even though the entity isn't actually a threat. 
A false negative is an entity that wasn't detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including Defender for Business. Fortunately, steps can be taken to address and reduce these kinds of issues. <br/><br/>See [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives). | +| **Strengthen your security posture** | Defender for Business includes a vulnerability management dashboard that provides you with exposure score and enables you to view information about exposed devices and see relevant security recommendations. You can use your Defender Vulnerability Management dashboard to reduce exposure and improve your organization's security posture. <br/><br/>See the following articles:<br/>- [Use your vulnerability management dashboard in Defender for Business](../security/defender-business/mdb-view-tvm-dashboard.md)<br/>- [Dashboard insights](/microsoft-365/security/defender-vulnerability-management/tvm-dashboard-insights) | +| **Adjust security policies** | [Reports](../security/defender-business/mdb-reports.md) are available so that you can view information about detected threats, device status, and more. Sometimes it's necessary to adjust your security policies. For example, you might apply strict protection to some user accounts or devices, and standard protection to others. <br/><br/>See [View or edit policies in Defender for Business](../security/defender-business/mdb-view-edit-create-policies.md). | +| **Protect high-risk devices** | The overall risk assessment of a device is based on a combination of factors, such as the types and severity of active alerts on the device. As your security team resolves active alerts, approves remediation activities, and suppresses subsequent alerts, the risk level decreases. 
<br/><br/>See [Manage devices in Defender for Business](../security/defender-business/mdb-manage-devices.md). | +| **Onboard or offboard devices** | As devices are replaced or retired, new devices are purchased, or your business needs change, you can onboard or offboard devices from Defender for Business. <br/><br/>See the following articles: <br/>- [Onboard devices to Defender for Business](../security/defender-business/mdb-onboard-devices.md) <br/>- [Offboard a device from Defender for Business](../security/defender-business/mdb-offboard-devices.md) | ++++## Security operations ++## [**Microsoft 365 Business Premium**](#tab/M365BP) ++If you're new to Microsoft 365 Business Premium, or if your business doesn't have a security operations guide in place yet, use this article as a starting point. If you do already have a security operations guide, review it against the recommendations in this article. ++You can use this guidance to make decisions about security incident priorities and tasks your security team will perform in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). ++### Daily tasks ++| Task | Description | +||| +| Check your threat vulnerability management dashboard | Get a snapshot of threat vulnerability by looking at your vulnerability management dashboard, which reflects how vulnerable your organization is to cybersecurity threats. A high exposure score means your devices are more vulnerable to exploitation. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Vulnerability management > Dashboard**.<br/><br/>2. Take a look at your **Organization exposure score**. If it's in the acceptable or "High" range, you can move on. If it isn't, select **Improve score** to see more details and security recommendations to improve this score. 
<br/><br/>Being aware of your exposure score helps you to:<br/>- Quickly understand and identify high-level takeaways about the state of security in your organization<br/>- Detect and respond to areas that require investigation or action to improve the current state<br/>- Communicate with peers and management about the impact of security efforts | +| Review pending actions in the Action center | As threats are detected, [remediation actions](#remediation-actions-in-microsoft-365-business-premium) come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval, which is why these should be monitored regularly. Remediation actions are tracked in the Action center.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Action center**.<br/><br/>2. Select the **Pending** tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus or antimalware protection, automated investigations, manual response activities, or live response sessions.<br/><br/>3. Select the **History** tab to view a list of completed actions.| +| Review devices with threat detections | When threats are detected on devices, your security team needs to know so that any needed actions, such as isolating a device, can be taken promptly. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports > General > Security report**.<br/><br/>2. Scroll down to the **Vulnerable devices** row. If threats were detected on devices, you'll see that information in this row.| +| Learn about new incidents or alerts | As threats are detected and alerts are triggered, incidents are created. 
Your company's security team can view and manage incidents in the Microsoft 365 Defender portal.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.<br/><br/>2. Select an alert to open its flyout pane, where you can learn more about the alert.<br/><br/>3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert. | +| Run a scan or automated investigation | Your security team can initiate a scan or an automated investigation on a device that has a high risk level or detected threats. Depending on the results of the scan or automated investigation, [remediation actions](#remediation-actions-in-microsoft-365-business-premium) can occur automatically or upon approval.<br/><br/>1. In the Microsoft 365 Defender portal (https://security.microsoft.com), in the navigation pane, choose **Assets** > **Devices**.<br/><br/>2. Select a device to open its flyout panel, and review the information that is displayed.<br/>- Select the ellipsis (...) to open the actions menu.<br/>- Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**. | ++### Weekly tasks ++| Task | Description | +||| +| Monitor and improve your Microsoft Secure score | Microsoft Secure Score is a measurement of your organization's security posture. Higher numbers indicate that fewer improvement actions are needed. 
By using Secure Score, you can: <br/>- Report on the current state of your organization's security posture.<br/>- Improve your security posture by providing discoverability, visibility, guidance, and control.<br/>- Compare with benchmarks and establish key performance indicators (KPIs).<br/><br/>To check your score, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**. <br/><br/>2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score. | +| Improve your secure score for devices | Improve your security configuration by remediating issues using the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities going forward. It's always worth the time it takes to review and improve your score.<br/><br/>To check your secure score, follow these steps: <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.<br/><br/>2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.<br/><br/>3.Select an item on the list to display details related to the recommendation.<br/><br/>4. Select **Remediation options**.<br/><br/>5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.<br/><br/>6. 
Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.<br/><br/>7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.<br/><br/>8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving. | ++### Monthly tasks ++| Task | Description | +||| +| Run reports | Several reports are available in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Reports**.<br/><br/>2. Choose a report to review. Each report displays many pertinent categories for that report.<br/><br/>3. Select **View details** to see deeper information for each category.<br/><br/>4. Select the title of a particular threat to see details specific to it.| +| Run a simulation tutorial | It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft 365 Defender portal. The tutorials cover several types of cyber threats. To get started, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.<<br/><br/>2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions. | +| Explore the Learning hub | Use the Learning hub to increase your knowledge of cybersecurity threats and how to address them. 
We recommend exploring the resources that are offered, especially in the Microsoft 365 Defender and Endpoints sections.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.<br/><br/>2. Select an area, such as **Microsoft 365 Defender** or **Endpoints**.<br/><br/>3. Select an item to learn more about each concept. <br/><br/>Note that some resources in the Learning hub might cover functionality that isn't actually included in Microsoft 365 Business Premium. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft 365 Defender, but not in Microsoft 365 Business Premium. [Compare security features in Microsoft 365 plans for small and medium-sized businesses](../security/defender-business/compare-mdb-m365-plans.md). | ++### Tasks to perform as needed ++| Task | Description | +||| +| Use the Threat analytics dashboard | Use the threat analytics dashboard to get an overview of the current threat landscape by highlighting reports that are most relevant to your organization. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Threat analytics** to display the Threat analytics dashboard. The dashboard summarizes the threats into the following sections:<br/>- **Latest threats** lists the most recently published or updated threat reports, along with the number of active and resolved alerts.<br/>- **High-impact threats** lists the threats that have the highest impact to your organization. This section lists threats with the highest number of active and resolved alerts first.<br/>- **Highest exposure** lists threats with the highest exposure levels first. 
The exposure level of a threat is calculated using two pieces of information: how severe the vulnerabilities associated with the threat are, and how many devices in your organization could be exploited by those vulnerabilities.<br/><br/>3. Select the title of the one you want to investigate, and read the associated report.<br/><br/>4. You can also review the full Analyst report for more details, or select other headings to view the related incidents, impacted assets, and exposure and mitigations.| +| Remediate an item | Microsoft 365 Business Premium includes several [remediation actions](#remediation-actions-in-microsoft-365-business-premium). Some actions are taken automatically, and others await approval by your security team.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.<br/><br/>2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item.<br/><br/>3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions.<br/><br/>4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device. 
| ++### Remediation actions in Microsoft 365 Business Premium ++The following table summarizes remediation actions that are available in Microsoft 365 Business Premium: ++| Source | Actions | +||| +| Automated investigations | Quarantine a file<br/>Remove a registry key<br/>Kill a process<br/>Stop a service<br/>Disable a driver<br/>Remove a scheduled task | +| Manual response actions | Run antivirus scan<br/>Isolate device<br/>Add an indicator to block or allow a file | +| Live response | <br/>Collect forensic data<br/>Analyze a file<br/>Run a script<br/>Send a suspicious entity to Microsoft for analysis<br/>Remediate a file<br/>Proactively hunt for threats | ++## [**Defender for Business**](#tab/MDB) ++If you're new to Defender for Business, or if your business doesn't have a security operations guide in place yet, use this article as a starting point. If you do already have a security operations guide, review it against the recommendations in this article. ++You can use this guidance to make decisions about security incident priorities and tasks your security team will perform in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). ++### Daily tasks ++| Task | Description | +||| +| **Check your threat vulnerability management dashboard** | Get a snapshot of threat vulnerability by looking at your vulnerability management dashboard, which reflects how vulnerable your organization is to cybersecurity threats. A high exposure score means your devices are more vulnerable to exploitation. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Vulnerability management > Dashboard**.<br/><br/>2. Take a look at your **Organization exposure score**. If it's in the acceptable or "High" range, you can move on. If it isn't, select **Improve score** to see more details and security recommendations to improve this score. 
<br/><br/>Being aware of your exposure score helps you to:<br/>- Quickly understand and identify high-level takeaways about the state of security in your organization<br/>- Detect and respond to areas that require investigation or action to improve the current state<br/>- Communicate with peers and management about the impact of security efforts | +| **Review pending actions in the Action center** | As threats are detected, [remediation actions](#remediation-actions-in-defender-for-business) come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval, which is why these should be monitored regularly. Remediation actions are tracked in the Action center.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Action center**.<br/><br/>2. Select the **Pending** tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus or antimalware protection, automated investigations, manual response activities, or live response sessions.<br/><br/>3. Select the **History** tab to view a list of completed actions.| +| **Review devices with threat detections** | When threats are detected on devices, your security team needs to know so that any needed actions, such as isolating a device, can be taken promptly. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports > General > Security report**.<br/><br/>2. Scroll down to the **Vulnerable devices** row. If threats were detected on devices, you'll see that information in this row.| +| **Learn about new incidents or alerts** | As threats are detected and alerts are triggered, incidents are created. 
Your company's security team can view and manage incidents in the Microsoft 365 Defender portal.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.<br/><br/>2. Select an alert to open its flyout pane, where you can learn more about the alert.<br/><br/>3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert. | +| **Run a scan or automated investigation** | Your security team can initiate a scan or an automated investigation on a device that has a high risk level or detected threats. Depending on the results of the scan or automated investigation, [remediation actions](#remediation-actions-in-defender-for-business) can occur automatically or upon approval.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Assets** > **Devices**.<br/><br/>2. Select a device to open its flyout panel, and review the information that is displayed.<br/>- Select the ellipsis (...) to open the actions menu.<br/>- Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**. | ++## Weekly tasks ++| Task | Description | +||| +| **Monitor and improve your security score** | Microsoft Secure Score is a measurement of your organization's security posture. Higher numbers indicate that fewer improvement actions are needed. 
By using Secure Score, you can: <br/>- Report on the current state of your organization's security posture.<br/>- Improve your security posture by providing discoverability, visibility, guidance, and control.<br/>- Compare with benchmarks and establish key performance indicators (KPIs).<br/><br/>To check your score, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**. <br/><br/>2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score. | +| **Improve your secure score for devices** | Improve your security configuration by remediating issues using the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities going forward. It's always worth the time it takes to review and improve your score.<br/><br/>To check your secure score, follow these steps: <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.<br/><br/>2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.<br/><br/>3.Select an item on the list to display details related to the recommendation.<br/><br/>4. Select **Remediation options**.<br/><br/>5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.<br/><br/>6. 
Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.<br/><br/>7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.<br/><br/>8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving. | ++### Monthly tasks ++| Task | Description | +||| +| **Run security reports** | Several reports are available in the Microsoft 365 Defender portal.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Reports**.<br/><br/>2. Choose a report to review. Each report displays many pertinent categories for that report.<br/><br/>3. Select **View details** to see deeper information for each category.<br/><br/>4. Select the title of a particular threat to see details specific to it.| +| **Run a simulation tutorial** | It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft 365 Defender portal. The tutorials cover several types of cyber threats. To get started, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.<<br/><br/>2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions. | +| **Explore the Learning hub** | Use the Learning hub to increase your knowledge of cybersecurity threats and how to address them. 
We recommend exploring the resources that are offered, especially in the Microsoft 365 Defender and Endpoints sections.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.<br/><br/>2. Select an area, such as **Microsoft 365 Defender** or **Endpoints**.<br/><br/>3. Select an item to learn more about each concept. <br/><br/>Note that some resources in the Learning hub might cover functionality that isn't actually included in Defender for Business. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft 365 Defender, but not in Defender for Business. [Compare security features in Microsoft 365 plans for small and medium-sized businesses](../security/defender-business/compare-mdb-m365-plans.md). | ++### Tasks to perform as needed ++| Task | Description | +||| +| **Use the Threat analytics dashboard** | Use the threat analytics dashboard to get an overview of the current threat landscape by highlighting reports that are most relevant to your organization. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Threat analytics** to display the Threat analytics dashboard. The dashboard summarizes the threats into the following sections:<br/>- **Latest threats** lists the most recently published or updated threat reports, along with the number of active and resolved alerts.<br/>- **High-impact threats** lists the threats that have the highest impact to your organization. This section lists threats with the highest number of active and resolved alerts first.<br/>- **Highest exposure** lists threats with the highest exposure levels first. 
The exposure level of a threat is calculated using two pieces of information: how severe the vulnerabilities associated with the threat are, and how many devices in your organization could be exploited by those vulnerabilities.<br/><br/>3. Select the title of the one you want to investigate, and read the associated report.<br/><br/>4. You can also review the full Analyst report for more details, or select other headings to view the related incidents, impacted assets, and exposure and mitigations.| +| **Remediate an item** | Defender for Business includes several [remediation actions](#remediation-actions-in-defender-for-business). Some actions are taken automatically, and others await approval by your security team.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.<br/><br/>2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item.<br/><br/>3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions.<br/><br/>4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device. 
| +++## Remediation actions in Defender for Business ++The following table summarizes remediation actions that are available in Defender for Business: ++| Source | Actions | +||| +| **Automated investigations** | Quarantine a file<br/>Remove a registry key<br/>Kill a process<br/>Stop a service<br/>Disable a driver<br/>Remove a scheduled task | +| **Manual response actions** | Run antivirus scan<br/>Isolate device<br/>Add an indicator to block or allow a file | +| **Live response** | <br/>Collect forensic data<br/>Analyze a file<br/>Run a script<br/>Send a suspicious entity to Microsoft for analysis<br/>Remediate a file<br/>Proactively hunt for threats | ++++## See also ++[Security incident management](m365bp-security-incident-management.md) |
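Review bot: In both added Daily tasks tables, the "Check your threat vulnerability management dashboard" row contradicts itself. It first states that a high exposure score means devices are more vulnerable to exploitation, and then step 2 says that if the score is 'in the acceptable or "High" range, you can move on'. Step 2 should name the range that is actually acceptable and send the reader to **Improve score** in every other case. Under the Defender for Business tab, "## Weekly tasks" and "## Remediation actions in Defender for Business" are added as H2, while the sibling task headings and the Microsoft 365 Business Premium counterparts are H3; use one level throughout. Smaller fixes in the added text: the stray "<" after "choose **Tutorials**.", the missing space in "3.Select an item", and the Threat analytics steps, which jump from 1 to 3.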
business-premium | M365bp Protect Managed Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-managed-devices.md | Once these objectives have been achieved, your overall mission to protect your o - [Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md) - [Set up a security operations process](m365bp-security-operations-guide.md). - [Learn about security incident management](m365bp-security-incident-management.md).-- [Learn how to maintain your environment](m365bp-maintain-environment.md).+- [Learn how to maintain your environment](m365bp-mdb-maintain-environment.md). |
business-premium | M365bp Security Admin Guide | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-admin-guide.md | - Title: "Security administration guide for Microsoft 365 Business Premium"-- NOCSH------ Previously updated : 05/09/2023--- m365solution-smb-- highpri-- m365-security-- tier1--- MiniMaven-- BCS160-- MET150 -description: "Learn about tasks that security admins perform in Microsoft 365 Business Premium." ---# Microsoft 365 Business Premium security administration guide --Security administrators (also referred to as *security admins*) perform various tasks, such as: --- Defining or editing security policies-- Onboarding or offboarding devices-- Taking steps to protect high-risk user accounts or devices--The following table lists common tasks that security admins typically perform, with links to more detailed information. --| Task | Description | -||| -| **Manage false positives/negatives** | A false positive is an entity, such as a file or a process that was detected and identified as malicious even though the entity isn't actually a threat. A false negative is an entity that wasn't detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including Microsoft Defender for Office 365 and Microsoft Defender for Business, which are both included in Microsoft 365 Business Premium. Fortunately, steps can be taken to address and reduce these kinds of issues. 
<br/><br/>For false positives/negatives on devices, see [Address false positives/negatives in Microsoft Defender for Endpoint](../security/defender-endpoint/defender-endpoint-false-positives-negatives.md).<br/><br/>For false positives/negatives in email, see the following articles: <br/>- [How to handle malicious emails that are delivered to recipients (False Negatives), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365)<br/>- [How to handle Legitimate emails getting blocked (False Positive), using Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365) | -| **Strengthen your security posture** | Defender for Business includes a vulnerability management dashboard that provides you with exposure score and enables you to view information about exposed devices and see relevant security recommendations. You can use your Defender Vulnerability Management dashboard to reduce exposure and improve your organization's security posture. <br/><br/>See the following articles:<br/>- [Use your vulnerability management dashboard in Microsoft Defender for Business](../security/defender-business/mdb-view-tvm-dashboard.md)<br/>- [Dashboard insights](../security/defender-vulnerability-management/tvm-dashboard-insights.md) | -| **Adjust security policies** | [Reports](../security/defender-business/mdb-reports.md) are available so that you can view information about detected threats, device status, and more. Sometimes it's necessary to adjust your security policies. For example, you might apply strict protection to some user accounts or devices, and standard protection to others. 
<br/><br/>See the following articles: <br/>- For device protection: [View or edit policies in Microsoft Defender for Business](../security/defender-business/mdb-view-edit-create-policies.md) <br/>- For email protection: [Recommended settings for EOP and Microsoft Defender for Office 365 security](../security/office-365-security/recommended-settings-for-eop-and-office365.md) | -| **Analyze admin submissions** | Sometimes it's necessary to submit entities, such as email messages, URLs, or attachments to Microsoft for further analysis. Reporting items can help reduce the occurrence of false positives/negatives and improve threat detection accuracy. <br/><br/>See the following articles: <br/>- [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](../security/office-365-security/submissions-admin.md)<br/>- [Admin review for user reported messages](../security/office-365-security/submissions-admin-review-user-reported-messages.md) | -| **Protect priority user accounts** | Not all user accounts have access to the same company information. Some accounts have access to sensitive information, such as financial data, product development information, partner access to critical build systems, and more. If compromised, accounts that have access to highly confidential information pose a serious threat. We call these types of accounts priority accounts. 
Priority accounts include (but aren't limited to) CEOs, CISOs, CFOs, infrastructure admin accounts, build system accounts, and more.<br/><br/>See the following articles: <br/>- [Protect your administrator accounts](m365bp-protect-admin-accounts.md) <br/>- [Security recommendations for priority accounts in Microsoft 365](../security/office-365-security/priority-accounts-security-recommendations.md) | -| **Protect high-risk devices** | The overall risk assessment of a device is based on a combination of factors, such as the types and severity of active alerts on the device. As your security team resolves active alerts, approves remediation activities, and suppresses subsequent alerts, the risk level decreases. <br/><br/>See [Manage devices in Microsoft Defender for Business](../security/defender-business/mdb-manage-devices.md). | -| **Onboard or offboard devices** | As devices are replaced or retired, new devices are purchased, or your business needs change, you can onboard or offboard devices from Defender for Business. <br/><br/>See the following articles: <br/>- [Onboard devices to Microsoft Defender for Business](../security/defender-business/mdb-onboard-devices.md) <br/>- [Offboard a device from Microsoft Defender for Business](../security/defender-business/mdb-offboard-devices.md) | --## See also --- [Microsoft 365 Business Premium general administration guide](m365bp-admin-guide.md)-- [Microsoft 365 Business Premium security operations guide](m365bp-security-operations-guide.md)-- [Microsoft Defender for Office 365 Security Operations Guide](../security/office-365-security/mdo-sec-ops-guide.md)-- |
business-premium | M365bp Security Operations Guide | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-operations-guide.md | - Title: "Security operations guide for Microsoft 365 Business Premium"-- NOCSH------ Previously updated : 05/08/2023--- m365solution-smb-- highpri-- m365-security-- tier1--- MiniMaven-- BCS160-- MET150 -description: "Learn about daily, weekly, monthly, and as needed tasks for your security team to perform." ---# Microsoft 365 Business Premium security operations guide --If you're new to Microsoft 365 Business Premium, or if your business doesn't have a security operations guide in place yet, use this article as a starting point. If you do already have a security operations guide, review it against the recommendations in this article. --You can use this guidance to make decisions about security incident priorities and tasks your security team will perform in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). --## Security operations tasks to perform --### Daily tasks --| Task | Description | -||| -| Check your threat vulnerability management dashboard | Get a snapshot of threat vulnerability by looking at your vulnerability management dashboard, which reflects how vulnerable your organization is to cybersecurity threats. A high exposure score means your devices are more vulnerable to exploitation. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Vulnerability management > Dashboard**.<br/><br/>2. Take a look at your **Organization exposure score**. If it's in the acceptable or "High" range, you can move on. If it isn't, select **Improve score** to see more details and security recommendations to improve this score. 
<br/><br/>Being aware of your exposure score helps you to:<br/>- Quickly understand and identify high-level takeaways about the state of security in your organization<br/>- Detect and respond to areas that require investigation or action to improve the current state<br/>- Communicate with peers and management about the impact of security efforts | -| Review pending actions in the Action center | As threats are detected, [remediation actions](#remediation-actions-in-microsoft-365-business-premium) come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval, which is why these should be monitored regularly. Remediation actions are tracked in the Action center.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Action center**.<br/><br/>2. Select the **Pending** tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus or antimalware protection, automated investigations, manual response activities, or live response sessions.<br/><br/>3. Select the **History** tab to view a list of completed actions.| -| Review devices with threat detections | When threats are detected on devices, your security team needs to know so that any needed actions, such as isolating a device, can be taken promptly. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports > General > Security report**.<br/><br/>2. Scroll down to the **Vulnerable devices** row. If threats were detected on devices, you'll see that information in this row.| -| Learn about new incidents or alerts | As threats are detected and alerts are triggered, incidents are created. 
Your company's security team can view and manage incidents in the Microsoft 365 Defender portal.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.<br/><br/>2. Select an alert to open its flyout pane, where you can learn more about the alert.<br/><br/>3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert. | -| Run a scan or automated investigation | Your security team can initiate a scan or an automated investigation on a device that has a high risk level or detected threats. Depending on the results of the scan or automated investigation, [remediation actions](#remediation-actions-in-microsoft-365-business-premium) can occur automatically or upon approval.<br/><br/>1. In the Microsoft 365 Defender portal (https://security.microsoft.com), in the navigation pane, choose **Assets** > **Devices**.<br/><br/>2. Select a device to open its flyout panel, and review the information that is displayed.<br/>- Select the ellipsis (...) to open the actions menu.<br/>- Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**. | --## Weekly tasks --| Task | Description | -||| -| Monitor and improve your Microsoft Secure score | Microsoft Secure Score is a measurement of your organization's security posture. Higher numbers indicate that fewer improvement actions are needed. 
By using Secure Score, you can: <br/>- Report on the current state of your organization's security posture.<br/>- Improve your security posture by providing discoverability, visibility, guidance, and control.<br/>- Compare with benchmarks and establish key performance indicators (KPIs).<br/><br/>To check your score, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**. <br/><br/>2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score. | -| Improve your secure score for devices | Improve your security configuration by remediating issues using the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities going forward. It's always worth the time it takes to review and improve your score.<br/><br/>To check your secure score, follow these steps: <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.<br/><br/>2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.<br/><br/>3.Select an item on the list to display details related to the recommendation.<br/><br/>4. Select **Remediation options**.<br/><br/>5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.<br/><br/>6. 
Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.<br/><br/>7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.<br/><br/>8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving. | --### Monthly tasks --| Task | Description | -||| -| Run reports | Several reports are available in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Reports**.<br/><br/>2. Choose a report to review. Each report displays many pertinent categories for that report.<br/><br/>3. Select **View details** to see deeper information for each category.<br/><br/>4. Select the title of a particular threat to see details specific to it.| -| Run a simulation tutorial | It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft 365 Defender portal. The tutorials cover several types of cyber threats. To get started, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.<<br/><br/>2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions. | -| Explore the Learning hub | Use the Learning hub to increase your knowledge of cybersecurity threats and how to address them. 
We recommend exploring the resources that are offered, especially in the Microsoft 365 Defender and Endpoints sections.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.<br/><br/>2. Select an area, such as **Microsoft 365 Defender** or **Endpoints**.<br/><br/>3. Select an item to learn more about each concept. <br/><br/>Note that some resources in the Learning hub might cover functionality that isn't actually included in Microsoft 365 Business Premium. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft 365 Defender, but not in Microsoft 365 Business Premium. [Compare security features in Microsoft 365 plans for small and medium-sized businesses](../security/defender-business/compare-mdb-m365-plans.md). | --### Tasks to perform as needed --| Task | Description | -||| -| Use the Threat analytics dashboard | Use the threat analytics dashboard to get an overview of the current threat landscape by highlighting reports that are most relevant to your organization. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Threat analytics** to display the Threat analytics dashboard. The dashboard summarizes the threats into the following sections:<br/>- **Latest threats** lists the most recently published or updated threat reports, along with the number of active and resolved alerts.<br/>- **High-impact threats** lists the threats that have the highest impact to your organization. This section lists threats with the highest number of active and resolved alerts first.<br/>- **Highest exposure** lists threats with the highest exposure levels first. 
The exposure level of a threat is calculated using two pieces of information: how severe the vulnerabilities associated with the threat are, and how many devices in your organization could be exploited by those vulnerabilities.<br/><br/>3. Select the title of the one you want to investigate, and read the associated report.<br/><br/>4. You can also review the full Analyst report for more details, or select other headings to view the related incidents, impacted assets, and exposure and mitigations.| -| Remediate an item | Microsoft 365 Business Premium includes several [remediation actions](#remediation-actions-in-microsoft-365-business-premium). Some actions are taken automatically, and others await approval by your security team.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.<br/><br/>2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item.<br/><br/>3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions.<br/><br/>4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device. 
| ---## Remediation actions in Microsoft 365 Business Premium --The following table summarizes remediation actions that are available in Microsoft 365 Business Premium: --| Source | Actions | -||| -| Automated investigations | Quarantine a file<br/>Remove a registry key<br/>Kill a process<br/>Stop a service<br/>Disable a driver<br/>Remove a scheduled task | -| Manual response actions | Run antivirus scan<br/>Isolate device<br/>Add an indicator to block or allow a file | -| Live response | <br/>Collect forensic data<br/>Analyze a file<br/>Run a script<br/>Send a suspicious entity to Microsoft for analysis<br/>Remediate a file<br/>Proactively hunt for threats | ---## See also --- [Microsoft 365 Business Premium security administration guide](m365bp-security-admin-guide.md)-- [Microsoft 365 Business Premium general administrator guide](m365bp-admin-guide.md)-- [Best practices for securing Microsoft 365 for business plans](secure-your-business-data.md) |
business-premium | Secure Your Business Data | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/secure-your-business-data.md | Microsoft 365 Business Premium also includes advanced security and compliance ca See the following articles: -- [Maintain your environment](m365bp-maintain-environment.md) +- [Maintain your environment](m365bp-mdb-maintain-environment.md) - [Security incident management in Microsoft 365 Business Premium](m365bp-security-incident-management.md) - [Microsoft 365 Business Premium security operations guide](m365bp-security-operations-guide.md) |
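Review bot: The unchanged context bullet at the end of this hunk still links to `m365bp-security-operations-guide.md`, while the change recorded for that article in this same batch shows every line of it removed. If that article is being deleted or renamed in the same way as `m365bp-maintain-environment.md` to `m365bp-mdb-maintain-environment.md`, this bullet needs the matching update or it becomes a dead link. Confirm the `m365bp-security-incident-management.md` target at the same time.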
business | Manage Protected Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business/manage-protected-devices.md | - Title: "Manage protected devices with Microsoft 365 Business Premium"-- NOCSH-- 'O365E_DevicesManageLM'-- 'O365E_DevicesManageKM'--- Previously updated : 10/08/2018----- Tier2-- scotvorg-- M365-subscription-management-- M365-identity-device-management--- Adm_O365-- Core_O365Admin_Migration-- MiniMaven-- MSB365-- seo-marvel-mar-- AdminTemplateSet-- BCS160-- MET150-- MOE150 -description: "Learn to remove company data from devices managed through protection policies as well as reset Windows 10 devices to their factory settings." ---# Manage protected devices with Microsoft 365 Business Premium --After a user connects their device to your organization by signing in with their work account to the device or to Microsoft 365 apps on the device, you can protect the device with the policies you set up. Connected devices are listed on the **Devices** page. If a device is lost or stolen, you can manage it from this page to remove any company data. You can also reset Windows 10 devices to their factory settings to wipe out any custom settings. --## Related content --- [Microsoft 365 Business Premium administration guide](../business-premium/m365bp-admin-guide.md)-- [Microsoft 365 Business Premium security operations guide](../business-premium/m365bp-security-operations-guide.md) |
compliance | Dlp Ol365 Win32 Policy Tips | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-ol365-win32-policy-tips.md | + + Title: "Data loss prevention policy tip reference for Outlook for Microsoft 365" +f1.keywords: +- CSH +++ Last updated : 06/27/2023+audience: Admin +search.appverid: MET150 ++f1_keywords: +- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation' ++ms.localizationpriority: medium ++- tier3 +- purview-compliance +hideEdit: true +feedback_system: None +recommendations: false +description: "DLP policy tip reference for Outlook 365 for Win32." +++# Data loss prevention policy tip reference for Outlook for Microsoft 365 ++++> [!NOTE] +> Microsoft Purview data loss prevention will only process the first four MB on message content for policy tip in Outlook for Microsoft 365 and only classify up to two MB of attchments. ++## DLP policy tips supported ++Yes ++## DLP policy match email notification support ++Yes ++<!--## Supported versions and channels + +- Version 2303 build 16.0.16216.10000 and higher +- Semi-annual channel tentative version 2302 build 16.0.16130.20478 +--> +## Conditions that support policy tips for Outlook perpetual users ++|For Outlook perpetual versions and users |These conditions apply | +||| +|-E3 users</br>-E5 users |- Content contains sensitive information types </br>- Content is shared from Microsoft 365 | ++## Conditions that support policy tips for Outlook for Microsoft 365 users ++|For Outlook for Microsoft versions and users |These conditions apply| +||| +|- All E3 users </br>- All offline E5 users </br>- All E5 users with connected experience disabled </br>- All online E5 users with production version and build lower than 2303 &16.0.16216.10000 </br>- All online E5 users with semi-annual channel version and build lower than 2302 and 16.0.16130.20478 |- Content contains sensitive information types </br>- Content is shared from Microsoft 365 | +|- All online E5 users with 
connected experience enabled with production version and build 2303 and 16.0 16216.10000 or higher </br>- semi-annual channel tenative version 2302 build 16.0.16130.20478 | - Content contains sensitive information types </br>- Content contains sensitivity labels (works for email labels, Office docs and PDF files) </br>- Content is shared </br>- Sender is </br>- Sender is member of </br>- Sender domain is </br>- Recipient is </br>- Recipient is a member of </br>- Recipient domain is </br>- Subject contains words| +++<!-- +>> [!NOTE] +> Outlook does not support showing policy tips for a DLP polcies that's applied to a dynamic distribution group or non-email enabled security groups. +--> ++## Actions that support policy tips ++All Exchange actions support policy tips ++- Restrict access or encrypt the content in Microsoft 365 locations +- Set headers +- Remove header +- Redirect the message to specific users +- Forward the message for approval to sender's manager +- Forward the message for approval to specific approvers +- Add recipient to the To box +- Add recipient to the Cc box +- Add recipient to the Bcc box +- Add the sender's manager as recipient +- Removed O365 Message Encryption and rights protection +- Prepend Email Subject +- Add HTML Disclaimer +- Modify Email Subject +- Deliver the message to the hosted quarantine ++## Sensitive information types that support policy tips for Outlook perpetual users ++**For Outlook perpetual version E3 and E5 users these sensitive information types support policy tips:** ++- [ABA routing number](sit-defn-aba-routing.md) +- [Argentina national identity (DNI) number](sit-defn-argentina-national-identity-numbers.md) +- [Australia bank account number](sit-defn-australia-bank-account-number.md) +- [Australia medical account number](sit-defn-australia-medical-account-number.md) +- [Australia passport number](sit-defn-australia-passport-number.md) +- [Australia tax file number](sit-defn-australia-tax-file-number.md) +- [Azure 
DocumentDB auth key](sit-defn-azure-document-db-auth-key.md) +- [Azure IAAS database connection string and Azure SQL connection string](sit-defn-azure-iaas-database-connection-string-azure-sql-connection-string.md) +- [Azure IoT connection string](sit-defn-azure-iot-connection-string.md) +- [Azure publish setting password](sit-defn-azure-publish-setting-password.md) +- [Azure Redis cache connection string](sit-defn-azure-redis-cache-connection-string.md) +- [Azure SAS](sit-defn-azure-sas.md) +- [Azure service bus connection string](sit-defn-azure-service-bus-connection-string.md) +- [Azure storage account key](sit-defn-azure-storage-account-key.md) +- [Azure Storage account key (generic)](sit-defn-azure-storage-account-key-generic.md) +- [Belgium national number](sit-defn-belgium-national-number.md) +- [Brazil CPF number](sit-defn-brazil-cpf-number.md) +- [Brazil legal entity number (CNPJ)](sit-defn-brazil-legal-entity-number.md) +- [Brazil national identification card (RG)](sit-defn-brazil-national-identification-card.md) +- [Canada bank account number](sit-defn-canada-bank-account-number.md) +- [Canada driver's license number](sit-defn-canada-drivers-license-number.md) +- [Canada health service number](sit-defn-canada-health-service-number.md) +- [Canada passport number](sit-defn-canada-passport-number.md) +- [Canada personal health identification number (PHIN)](sit-defn-canada-personal-health-identification-number.md) +- [Canada social insurance number](sit-defn-canada-social-insurance-number.md) +- [Chile identity card number](sit-defn-chile-identity-card-number.md) +- [China resident identity card (PRC) number](sit-defn-china-resident-identity-card-number.md) +- [Credit card number](sit-defn-credit-card-number.md) +- [Croatia identity card number](sit-defn-croatia-identity-card-number.md) +- [Croatia personal identification (OIB) number](sit-defn-croatia-personal-identification-number.md) +- [Czech personal identity 
number](sit-defn-czech-personal-identity-number.md) +- [Denmark personal identification number](sit-defn-denmark-personal-identification-number.md) +- [Drug Enforcement Agency (DEA) number](sit-defn-drug-enforcement-agency-number.md) +- [EU debit card number](sit-defn-eu-debit-card-number.md) +- [EU driver's license number](sit-defn-eu-drivers-license-number.md) +- [EU national identification number](sit-defn-eu-national-identification-number.md) +- [EU passport number](sit-defn-eu-passport-number.md) +- [EU social security number or equivalent identification](sit-defn-eu-social-security-number-equivalent-identification.md) +- [EU Tax identification number](sit-defn-eu-tax-identification-number.md) +- [Finland national ID](sit-defn-finland-national-id.md) +- [Finland passport number](sit-defn-finland-passport-number.md) +- [France driver's license number](sit-defn-france-drivers-license-number.md) +- [France national id card (CNI)](sit-defn-france-national-id-card.md) +- [France passport number](sit-defn-france-passport-number.md) +- [France social security number (INSEE)](sit-defn-france-social-security-number.md) +- [Germany driver's license number](sit-defn-germany-drivers-license-number.md) +- [Germany passport number](sit-defn-germany-passport-number.md) +- [Germany identity card number](sit-defn-germany-identity-card-number.md) +- [Greece national ID card](sit-defn-greece-national-id-card.md) +- [Hong Kong identity card (HKID) number](sit-defn-hong-kong-identity-card-number.md) +- [India permanent account number (PAN)](sit-defn-india-permanent-account-number.md) +- [India unique identification (Aadhaar) number](sit-defn-india-unique-identification-number.md) +- [Indonesia identity card (KTP) number](sit-defn-indonesia-identity-card-number.md) +- [International banking account number (IBAN)](sit-defn-international-banking-account-number.md) +- [International classification of diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md) 
+- [International classification of diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md) +- [IP address](sit-defn-ip-address.md) +- [Ireland personal public service (PPS) number](sit-defn-ireland-personal-public-service-number.md) +- [Israel bank account number](sit-defn-israel-bank-account-number.md) +- [Israel national identification number](sit-defn-israel-national-identification-number.md) +- [Italy driver's license number](sit-defn-italy-drivers-license-number.md) +- [Japan bank account number](sit-defn-japan-bank-account-number.md) +- [Japan driver's license number](sit-defn-japan-drivers-license-number.md) +- [Japan passport number](sit-defn-japan-passport-number.md) +- [Japan resident registration number](sit-defn-japan-resident-registration-number.md) +- [Japan social insurance number (SIN)](sit-defn-japan-social-insurance-number.md) +- [Japan residence card number](sit-defn-japan-residence-card-number.md) +- [Malaysia identification card number](sit-defn-malaysia-identification-card-number.md) +- [Netherlands citizens service (BSN) number](sit-defn-netherlands-citizens-service-number.md) +- [New Zealand ministry of health number](sit-defn-new-zealand-ministry-of-health-number.md) +- [Norway identification number](sit-defn-norway-identification-number.md) +- [Philippines unified multi-purpose identification number](sit-defn-philippines-unified-multi-purpose-identification-number.md) +- [Poland identity card](sit-defn-poland-identity-card.md) +- [Poland national ID (PESEL)](sit-defn-poland-national-id.md) +- [Poland passport number](sit-defn-poland-passport-number.md) +- [Portugal citizen card number](sit-defn-portugal-citizen-card-number.md) +- [Saudi Arabia National ID](sit-defn-saudi-arabia-national-id.md) +- [Singapore national registration identity card (NRIC) number](sit-defn-singapore-national-registration-identity-card-number.md) +- [South Africa identification number](sit-defn-south-africa-identification-number.md) +- 
[South Korea resident registration number](sit-defn-south-korea-resident-registration-number.md) +- [Spain social security number (SSN)](sit-defn-spain-social-security-number.md) +- [SQL Server connection string](sit-defn-sql-server-connection-string.md) +- [Sweden national ID](sit-defn-sweden-national-id.md) +- [Sweden passport number](sit-defn-sweden-passport-number.md) +- [SWIFT code](sit-defn-swift-code.md) +- [Taiwan national identification number](sit-defn-taiwan-national-identification-number.md) +- [Taiwan passport number](sit-defn-taiwan-passport-number.md) +- [Taiwan-resident certificate (ARC/TARC) number](sit-defn-taiwan-resident-certificate-number.md) +- [Thai population identification code](sit-defn-thai-population-identification-code.md) +- [Turkey national identification number](sit-defn-turkey-national-identification-number.md) +- [U.K. drivers license number](sit-defn-uk-drivers-license-number.md) +- [U.K. electoral roll number](sit-defn-uk-electoral-roll-number.md) +- [U.K. national health service number](sit-defn-uk-national-health-service-number.md) +- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md) +- [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md) +- [U.S. bank account number](sit-defn-us-bank-account-number.md) +- [U.S. driver's license number](sit-defn-us-drivers-license-number.md) +- [U.S. individual taxpayer identification number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) +- [U.S. 
social security number (SSN)](sit-defn-us-social-security-number.md) ++## Sensitive information types that support policy tips for Outlook for Microsoft 365 users ++**For these Outlook versions and users:** ++- All Microsoft 365 for Enterprise E3 users +- All Microsoft 365 for Enterprise offline E5 users +- All Microsoft 365 for Enterprise E5 users with connected experience disabled +- All Microsoft 365 for Enterprise online E5 users with production version and build lower than 2303 &16.0.16216.10000 +- All Microsoft 365 for Enterprise online E5 users with semi-annual channel version and build lower than 2302 and 16.0.16130.20478 ++**These sensitive information types support policy tips:** ++- [ABA routing number](sit-defn-aba-routing.md) +- [Argentina national identity (DNI) number](sit-defn-argentina-national-identity-numbers.md) +- [Australia bank account number](sit-defn-australia-bank-account-number.md) +- [Australia medical account number](sit-defn-australia-medical-account-number.md) +- [Australia passport number](sit-defn-australia-passport-number.md) +- [Australia tax file number](sit-defn-australia-tax-file-number.md) +- [Azure DocumentDB auth key](sit-defn-azure-document-db-auth-key.md) +- [Azure IAAS database connection string and Azure SQL connection string](sit-defn-azure-iaas-database-connection-string-azure-sql-connection-string.md) +- [Azure IoT connection string](sit-defn-azure-iot-connection-string.md) +- [Azure publish setting password](sit-defn-azure-publish-setting-password.md) +- [Azure Redis cache connection string](sit-defn-azure-redis-cache-connection-string.md) +- [Azure SAS](sit-defn-azure-sas.md) +- [Azure service bus connection string](sit-defn-azure-service-bus-connection-string.md) +- [Azure storage account key](sit-defn-azure-storage-account-key.md) +- [Azure Storage account key (generic)](sit-defn-azure-storage-account-key-generic.md) +- [Belgium national number](sit-defn-belgium-national-number.md) +- [Brazil CPF 
number](sit-defn-brazil-cpf-number.md) +- [Brazil legal entity number (CNPJ)](sit-defn-brazil-legal-entity-number.md) +- [Brazil national identification card (RG)](sit-defn-brazil-national-identification-card.md) +- [Canada bank account number](sit-defn-canada-bank-account-number.md) +- [Canada driver's license number](sit-defn-canada-drivers-license-number.md) +- [Canada health service number](sit-defn-canada-health-service-number.md) +- [Canada passport number](sit-defn-canada-passport-number.md) +- [Canada personal health identification number (PHIN)](sit-defn-canada-personal-health-identification-number.md) +- [Canada social insurance number](sit-defn-canada-social-insurance-number.md) +- [Chile identity card number](sit-defn-chile-identity-card-number.md) +- [China resident identity card (PRC) number](sit-defn-china-resident-identity-card-number.md) +- [Credit card number](sit-defn-credit-card-number.md) +- [Croatia identity card number](sit-defn-croatia-identity-card-number.md) +- [Croatia personal identification (OIB) number](sit-defn-croatia-personal-identification-number.md) +- [Czech personal identity number](sit-defn-czech-personal-identity-number.md) +- [Denmark personal identification number](sit-defn-denmark-personal-identification-number.md) +- [Drug Enforcement Agency (DEA) number](sit-defn-drug-enforcement-agency-number.md) +- [EU debit card number](sit-defn-eu-debit-card-number.md) +- [EU driver's license number](sit-defn-eu-drivers-license-number.md) +- [EU national identification number](sit-defn-eu-national-identification-number.md) +- [EU passport number](sit-defn-eu-passport-number.md) +- [EU social security number or equivalent identification](sit-defn-eu-social-security-number-equivalent-identification.md) +- [EU Tax identification number](sit-defn-eu-tax-identification-number.md) +- [Finland national ID](sit-defn-finland-national-id.md) +- [Finland passport number](sit-defn-finland-passport-number.md) +- [France driver's license 
number](sit-defn-france-drivers-license-number.md) +- [France national id card (CNI)](sit-defn-france-national-id-card.md) +- [France passport number](sit-defn-france-passport-number.md) +- [France social security number (INSEE)](sit-defn-france-social-security-number.md) +- [Germany driver's license number](sit-defn-germany-drivers-license-number.md) +- [Germany passport number](sit-defn-germany-passport-number.md) +- [Germany identity card number](sit-defn-germany-identity-card-number.md) +- [Greece national ID card](sit-defn-greece-national-id-card.md) +- [Hong Kong identity card (HKID) number](sit-defn-hong-kong-identity-card-number.md) +- [India permanent account number (PAN)](sit-defn-india-permanent-account-number.md) +- [India unique identification (Aadhaar) number](sit-defn-india-unique-identification-number.md) +- [Indonesia identity card (KTP) number](sit-defn-indonesia-identity-card-number.md) +- [International banking account number (IBAN)](sit-defn-international-banking-account-number.md) +- [International classification of diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md) +- [International classification of diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md) +- [IP address](sit-defn-ip-address.md) +- [Ireland personal public service (PPS) number](sit-defn-ireland-personal-public-service-number.md) +- [Israel bank account number](sit-defn-israel-bank-account-number.md) +- [Israel national identification number](sit-defn-israel-national-identification-number.md) +- [Italy driver's license number](sit-defn-italy-drivers-license-number.md) +- [Japan bank account number](sit-defn-japan-bank-account-number.md) +- [Japan driver's license number](sit-defn-japan-drivers-license-number.md) +- [Japan passport number](sit-defn-japan-passport-number.md) +- [Japan resident registration number](sit-defn-japan-resident-registration-number.md) +- [Japan social insurance number 
(SIN)](sit-defn-japan-social-insurance-number.md) +- [Japan residence card number](sit-defn-japan-residence-card-number.md) +- [Malaysia identification card number](sit-defn-malaysia-identification-card-number.md) +- [Netherlands citizens service (BSN) number](sit-defn-netherlands-citizens-service-number.md) +- [New Zealand ministry of health number](sit-defn-new-zealand-ministry-of-health-number.md) +- [Norway identification number](sit-defn-norway-identification-number.md) +- [Philippines unified multi-purpose identification number](sit-defn-philippines-unified-multi-purpose-identification-number.md) +- [Poland identity card](sit-defn-poland-identity-card.md) +- [Poland national ID (PESEL)](sit-defn-poland-national-id.md) +- [Poland passport number](sit-defn-poland-passport-number.md) +- [Portugal citizen card number](sit-defn-portugal-citizen-card-number.md) +- [Saudi Arabia National ID](sit-defn-saudi-arabia-national-id.md) +- [Singapore national registration identity card (NRIC) number](sit-defn-singapore-national-registration-identity-card-number.md) +- [South Africa identification number](sit-defn-south-africa-identification-number.md) +- [South Korea resident registration number](sit-defn-south-korea-resident-registration-number.md) +- [Spain social security number (SSN)](sit-defn-spain-social-security-number.md) +- [SQL Server connection string](sit-defn-sql-server-connection-string.md) +- [Sweden national ID](sit-defn-sweden-national-id.md) +- [Sweden passport number](sit-defn-sweden-passport-number.md) +- [SWIFT code](sit-defn-swift-code.md) +- [Taiwan national identification number](sit-defn-taiwan-national-identification-number.md) +- [Taiwan passport number](sit-defn-taiwan-passport-number.md) +- [Taiwan-resident certificate (ARC/TARC) number](sit-defn-taiwan-resident-certificate-number.md) +- [Thai population identification code](sit-defn-thai-population-identification-code.md) +- [Turkey national identification 
number](sit-defn-turkey-national-identification-number.md) +- [U.K. drivers license number](sit-defn-uk-drivers-license-number.md) +- [U.K. electoral roll number](sit-defn-uk-electoral-roll-number.md) +- [U.K. national health service number](sit-defn-uk-national-health-service-number.md) +- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md) +- [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md) +- [U.S. bank account number](sit-defn-us-bank-account-number.md) +- [U.S. driver's license number](sit-defn-us-drivers-license-number.md) +- [U.S. individual taxpayer identification number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) +- [U.S. social security number (SSN)](sit-defn-us-social-security-number.md) ++**For these Outlook versions and users:** ++- Online E5 users with connected experience enabled with Production version and build 2303 & 16.0.16216.10000 or higher. +- Semi-annual channel tentative version 2302 build 16.0.16130.20478. ++**These sensitive information types support policy tips:** ++++### Exact Data Match sensitive information types that support policy tips Outlook for Microsoft 365 ++Yes. ++For more information on exact data match based SITs, see [Learn about exact data match based sensitive information types](sit-learn-about-exact-data-match-based-sits.md) +++<!--### Document Fingerprint SITs ++Policy tips are not supported. ++For more information on document fingerprint SITs, see [Document fingerprinting](document-fingerprinting.md)--> ++### Trainable classifiers support for Outlook for Microsoft 365 ++Applies to: ++- E5 users with connected experience enabled with production version and build 2303 & 16.0.16216.10000 or higher +- Semi-annual channel tentative version 2302 build 16.0.16130.20478 ++Yes. 
++- [Adult, racy, and gory images](classifier-tc-definitions.md#adult-racy-and-gory-images) +- [Agreements](classifier-tc-definitions.md#agreements) +- [Bank statement](classifier-tc-definitions.md#bank-statement) +- [Budget](classifier-tc-definitions.md#budget) +- [Business plan](classifier-tc-definitions.md#business-plan) +- [Completion certificates](classifier-tc-definitions.md#completion-certificates) +- [Construction specifications](classifier-tc-definitions.md#construction-specifications) +- [Corporate sabotage](classifier-tc-definitions.md#corporate-sabotage) +- [Customer complaints](classifier-tc-definitions.md#customer-complaints) +- [Discrimination](classifier-tc-definitions.md#discrimination) +- [Employee disciplinary action](classifier-tc-definitions.md#employee-disciplinary-action) +- [Employee insurance](classifier-tc-definitions.md#employee-insurance) +- [Employment agreement](classifier-tc-definitions.md#employment-agreement) +- [Employee Pension Records](classifier-tc-definitions.md#employee-pension-records) +- [Employee Stocks and Financial Bond Records](classifier-tc-definitions.md#employee-stocks-and-financial-bond-records) +- [Enterprise Risk Management](classifier-tc-definitions.md#enterprise-risk-management) +- [Finance](classifier-tc-definitions.md#finance) +- [Financial audit](classifier-tc-definitions.md#financial-audit) +- [Financial statement](classifier-tc-definitions.md#financial-statement) +- [Freight Documents](classifier-tc-definitions.md#freight-documents) +- [Gifts & entertainment](classifier-tc-definitions.md#gifts--entertainment) +- [Harassment](classifier-tc-definitions.md#harassment) +- [Health/Medical forms](classifier-tc-definitions.md#healthmedical-forms) +- [Healthcare](classifier-tc-definitions.md#healthcare) +- [Human resources](classifier-tc-definitions.md) +- [Invoice](classifier-tc-definitions.md#invoice) +- [Intellectual property](classifier-tc-definitions.md#intellectual-property) +- [Information 
technology](classifier-tc-definitions.md#information-technology) +- [Legal affairs](classifier-tc-definitions.md#legal-affairs) +- [Legal Agreements](classifier-tc-definitions.md#legal-agreements) +- [License agreement](classifier-tc-definitions.md#license-agreement) +- [Loan agreements and offer letters](classifier-tc-definitions.md#loan-agreements-and-offer-letters) +- [Merger and acquisition files](classifier-tc-definitions.md#merger-and-acquisition-files) +- [Manufacturing batch records](classifier-tc-definitions.md#manufacturing-batch-records) +- [Meeting notes](classifier-tc-definitions.md#meeting-notes) +- [Money laundering](classifier-tc-definitions.md#money-laundering) +- [Network design files](classifier-tc-definitions.md#network-design-files) +- [Non-disclosure agreement](classifier-tc-definitions.md#non-disclosure-agreement) +- [Paystub](classifier-tc-definitions.md#paystub) +- [Personal Financial Information](classifier-tc-definitions.md#personal-financial-information) +- [Procurement](classifier-tc-definitions.md#procurement) +- [Project documents](classifier-tc-definitions.md#project-documents) +- [Profanity](classifier-tc-definitions.md#profanity) +- [Quotation](classifier-tc-definitions.md#quotation) +- [Regulatory collusion](classifier-tc-definitions.md#regulatory-collusion) +- [Resume](classifier-tc-definitions.md#resume) +- [Safety records](classifier-tc-definitions.md#safety-records) +- [Sales and revenue](classifier-tc-definitions.md#sales-and-revenue) +- [Software product development files](classifier-tc-definitions.md#software-product-development-files) +- [Source code](classifier-tc-definitions.md#source-code) +- [Standard Operating Procedures and Manuals](classifier-tc-definitions.md#standard-operating-procedures-and-manuals) +- [Statement of Accounts](classifier-tc-definitions.md#statement-of-accounts) +- [Statement of work](classifier-tc-definitions.md#statement-of-work) +- [Stock 
manipulation](classifier-tc-definitions.md#stock-manipulation) +- [Tax documents](classifier-tc-definitions.md#tax-documents) +- [Threat](classifier-tc-definitions.md#threat) +- [Unauthorized disclosure](classifier-tc-definitions.md#unauthorized-disclosure) +- [Wire Transfer](classifier-tc-definitions.md#wire-transfer) +- [Word count requirements](classifier-tc-definitions.md#word-count-requirements) ++For more information on trainable classifiers, see [Learn about trainable classifiers](classifier-learn-about.md) ++## Sensitivity label support for Outlook for Microsoft 365 ++Applies to: ++- E5 users with connected experience enabled with production version and build 2303 & 16.0.16216.10000 or higher +- Semi-annual channel tentative version 2302 build 16.0.16130.20478 ++Yes. ++For more information on sensitivity labels, see [Learn about sensitivity labels](sensitivity-labels.md) |
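Review bot: The bold lead-in "**These sensitive information types support policy tips:**" is followed directly by the "### Exact Data Match ..." heading with no list under it, while the long SIT list sits above "**For these Outlook versions and users:**". Either move the list under this lead-in or drop the lead-in, so a reader can tell which SITs the stated Outlook builds apply to. In the trainable classifiers list, `[Human resources](classifier-tc-definitions.md)` is the only entry without a `#` anchor. The Exact Data Match heading also reads "support policy tips Outlook for Microsoft 365" and is missing a preposition. "Sensitivity label support" is added at `##` while the sibling sections are `###`.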
compliance | Dlp Policy Reference | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md | The actions that are available in a rule depend on the locations that have been - Add HTML Disclaimer - Modify Email Subject - Deliver the message to the hosted quarantine+- Apply branding to encrypted messages ++> [!TIP] +> For the **Apply branding to encrypted messages** action, if you already have Office Message Encryption implemented, the templates will automatically show up in the drop down list. If you want to implement Microsoft Purview Message Encryption, see for background on OME and procedure to create and configure your branding templates. > [!TIP] > For more information on the actions that Exchange supports, including PowerShell values, see: [Data loss prevention Exchange conditions and actions reference](dlp-exchange-conditions-and-actions.md). To learn more about user notification and policy tip configuration and use, incl Details on support for policy tips and notifications for different apps can be found here: +- [Data loss prevention policy tip reference for Outlook for Microsoft 365](dlp-ol365-win32-policy-tips.md) - [Data loss prevention policy tip reference for Outlook on the Web](dlp-owa-policy-tips.md) #### Blocking and notifications in SharePoint Online and OneDrive for Business |
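Review bot: In the new TIP for **Apply branding to encrypted messages**, the sentence "see for background on OME and procedure to create and configure your branding templates" has no link text or target after "see", so the reader is pointed nowhere. Add the intended article link there. The same note uses both "Office Message Encryption" and "Microsoft Purview Message Encryption" for the feature. Pick one name, or say once that OME is the earlier name, so admins do not read them as two separate prerequisites.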
compliance | Dlp Policy Tips Reference | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-tips-reference.md | f1.keywords: CSH Previously updated : 06/02/2023 Last updated : 05/16/2023 audience: Admin recommendations: false description: "Learn how to add a policy tip to a data loss prevention (DLP) policy notify a user that they're working with content that conflicts with a DLP policy." -# Data Loss Prevention policy tips reference +# Data loss prevention policy tips reference [!INCLUDE [purview-preview](../includes/purview-preview.md)] -## Outlook 2013 and later supports showing policy tips for only some conditions +<!--## Outlook 2013 and later supports showing policy tips for only some conditions Currently, Outlook 2013 and later support showing policy tips for policies that contain these conditions: For E5 licensed users (preview) - Subject contains words All the conditions work for emails authored in the Outlook client app, where they'll match content and enforce protective actions on content. However, showing policy tips to users isn't supported for any conditions that are used apart from the ones mentioned above.+--> +<!-- +THIS SECTION WILL BE MOVED TO dlp-ol365-win32-policy-tips.md ## Outlook 2013 and later and Office apps on Desktop support showing policy tips for only some sensitive information types For E5 licensed users, DLP policy tips will be shown in Outlook 2013 and later f > [!NOTE] > Not all elements of custom sensitive information types are compatible with every version of Office. Entity elements for Custom SITs, such as Functions, may cause incompatibility. Office 2019 supports custom SITs that use Regular Expressions, Keyword Lists, and Keyword Dictionary only. 
-## Data Loss Prevention on endpoint devices supports policy tips for only some sensitive information types + --> -The list of out-of-the-box sensitive information types that will be detected in documents residing on endpoint devices are the following: +## Data loss prevention on endpoint devices supports policy tips for only some sensitive information types -- ABA Routing Number -- Argentina National Identity (DNI) Number -- Australia Bank Account Number -- Australia Medical Account Number -- Australia Passport Number -- Australia Tax File Number -- Australian Business Number -- Australian Company Number -- Austria Driver's License Number -- Austria Identity Card -- Austria Passport Number -- Austria Social Security Number -- Austria Tax Identification Number -- Austria Value Added Tax (VAT) Number -- Azure DocumentDB Auth Key -- Azure IAAS Database Connection String and Azure SQL Connection String -- Azure IoT Connection String -- Azure Publish Setting Password -- Azure Redis Cache Connection String -- Azure SAS -- Azure Service Bus Connection String -- Azure Storage Account Key -- Azure Storage Account Key (Generic) -- Belgium Driver's License Number -- Belgium National Number -- Belgium Passport Number -- Belgium Value Added Tax Number -- Brazil CPF Number -- Brazil Legal Entity Number (CNPJ) -- Brazil National ID Card (RG) -- Bulgaria Driver's License Number -- Bulgaria Passport Number -- Bulgaria Uniform Civil Number -- Canada Bank Account Number -- Canada Driver's License Number -- Canada Health Service Number -- Canada Passport Number -- Canada Personal Health Identification Number (PHIN) -- Canada Social Insurance Number -- Chile Identity Card Number -- China Resident Identity Card (PRC) Number -- Credit Card Number -- Croatia Driver's License Number -- Croatia Identity Card Number -- Croatia National ID Card Number -- Croatia Passport Number -- Croatia Personal Identification (OIB) Number -- CSCAN-AZURE0060 Azure Storage Account Shared Access Signature -- 
CSCAN-GENERAL0140 General Symmetric Key -- Cyprus Driver's License Number -- Cyprus Identity Card -- Cyprus Passport Number -- Cyprus Tax Identification Number -- Czech Driver's License Number -- Czech Personal Identity Number -- Czech Republic Passport Number -- Denmark Driver's License Number -- Denmark Passport Number -- Denmark Personal Identification Number -- Drug Enforcement Agency (DEA) Number -- Estonia Driver's License Number -- Estonia Passport Number -- Estonia Personal Identification Code -- EU Debit Card Number -- EU Driver's License Number -- EU National Identification Number -- EU Passport Number -- EU Social Security Number (SSN) or Equivalent ID -- EU Tax Identification Number (TIN) -- Finland Driver's License Number -- Finland European Health Insurance Number -- Finland National ID -- Finland Passport Number -- France Driver's License Number -- France Health Insurance Number -- France National ID Card (CNI) -- France Passport Number -- France Social Security Number (INSEE) -- France Tax Identification Number (numéro SPI.) 
-- France Value Added Tax Number -- German Driver's License Number -- German Passport Number -- Germany Identity Card Number -- Germany Tax Identification Number -- Germany Value Added Tax Number -- Greece Driver's License Number -- Greece National ID Card -- Greece Passport Number -- Greece Social Security Number (AMKA) -- Greek Tax identification Number -- Hong Kong Identity Card (HKID) Number -- Hungarian Social Security Number (TAJ) -- Hungarian Value Added Tax Number -- Hungary Driver's License Number -- Hungary Passport Number -- Hungary Personal Identification Number -- Hungary Tax identification Number -- India Permanent Account Number (PAN) -- India Unique Identification (Aadhaar) Number -- Indonesia Identity Card (KTP) Number -- International Banking Account Number (IBAN) -- International Classification of Diseases (ICD-10-CM) -- International Classification of Diseases (ICD-9-CM) -- IP Address -- Ireland Driver's License Number -- Ireland Passport Number -- Ireland Personal Public Service (PPS) Number -- Israel Bank Account Number -- Israel National ID -- Italy Driver's License Number -- Italy Fiscal Code -- Italy Passport Number -- Italy Value Added Tax Number -- Japan Bank Account Number -- Japan Driver's License Number -- Japan Passport Number -- Japan Resident Registration Number -- Japan Social Insurance Number (SIN) -- Japanese My Number Corporate -- Japanese My Number Personal -- Japanese Residence Card Number -- Latvia Driver's License Number -- Latvia Passport Number -- Latvia Personal Code -- Lithuania Driver's License Number -- Lithuania Passport Number -- Lithuania Personal Code -- Luxemburg Driver's License Number -- Luxemburg National Identification Number (Natural persons) -- Luxemburg National Identification Number (Non-natural persons) -- Luxemburg Passport Number -- Malaysia Identity Card Number -- Malta Driver's License Number -- Malta Identity Card Number -- Malta Passport Number -- Malta Tax ID Number -- Netherlands Citizen's Service 
(BSN) Number -- Netherlands Driver's License Number -- Netherlands Passport Number -- Netherlands Tax Identification Number -- Netherlands Value Added Tax Number -- New Zealand bank account number -- New Zealand Driver License Number -- New Zealand Inland Revenue number -- New Zealand Ministry of Health Number -- New Zealand Social Welfare Number -- Norway Identity Number -- Philippines Unified Multi-Purpose ID Number -- Poland Driver's License Number -- Poland Identity Card -- Poland National ID (PESEL) -- Poland Passport -- Poland Tax Identification Number -- Polish REGON Number -- Portugal Citizen Card Number -- Portugal Driver's License Number -- Portugal Passport Number -- Portugal Tax Identification Number -- Romania Driver's License Number -- Romania Passport Number -- Romania Personal Numerical Code (CNP) -- Russian Passport Number (Domestic) -- Russian Passport Number (International) -- Saudi Arabia National ID -- Singapore National Registration Identity Card (NRIC) Number -- Slovakia Driver's License Number -- Slovakia Passport Number -- Slovakia Personal Number -- Slovenia Driver's License Number -- Slovenia Passport Number -- Slovenia Tax Identification Number -- Slovenia Unique Master Citizen Number -- South Africa Identification Number -- South Korea Resident Registration Number -- Spain DNI -- Spain Driver's License Number -- Spain Passport Number -- Spain Social Security Number (SSN) -- Spain Tax Identification Number -- SQL Server Connection String -- Sweden Driver's License Number -- Sweden National ID -- Sweden Passport Number -- Sweden Tax Identification Number -- SWIFT Code -- Swiss Social Security Number AHV -- Taiwan National ID -- Taiwan Passport Number -- Taiwan Resident Certificate (ARC/TARC) -- Thai Population Identification Code -- Turkish National Identification number -- U.K. Driver's License Number -- U.K. Electoral Roll Number -- U.K. National Health Service Number -- U.K. National Insurance Number (NINO) -- U.K. 
Unique Taxpayer Reference Number -- U.S. / U.K. Passport Number -- U.S. Bank Account Number -- U.S. Driver's License Number -- U.S. Individual Taxpayer Identification Number (ITIN) -- U.S. Social Security Number (SSN) -- Ukraine Passport Number (Domestic) -- Ukraine Passport Number (International) - -Custom sensitive information types (SITs) will also be detected in addition to the above out-of-the-box sensitive information types +These sensitive information types (SIT)s can be detected on endpoint devices: ++- [ABA routing number](sit-defn-aba-routing.md) +- [Argentina national identity (DNI) number](sit-defn-argentina-national-identity-numbers.md) +- [Australia bank account number](sit-defn-australia-bank-account-number.md) +- [Australia medical account number](sit-defn-australia-medical-account-number.md) +- [Australia passport number](sit-defn-australia-passport-number.md) +- [Australia tax file number](sit-defn-australia-tax-file-number.md) +- [Australia business number](sit-defn-australia-business-number.md) +- [Australia Company Number](sit-defn-australia-company-number.md) +- [Austria Driver's License Number](sit-defn-austria-drivers-license-number.md) +- [Austria Identity Card](sit-defn-austria-identity-card.md) +- [Austria Passport Number](sit-defn-austria-passport-number.md) +- [Austria Social Security Number](sit-defn-austria-social-security-number.md) +- [Austria Tax Identification Number](sit-defn-austria-tax-identification-number.md) +- [Austria value added tax](sit-defn-austria-value-added-tax.md) +- [Azure DocumentDB auth key](sit-defn-azure-document-db-auth-key.md) +- [Azure IAAS database connection string and Azure SQL connection string](sit-defn-azure-iaas-database-connection-string-azure-sql-connection-string.md) +- [Azure IoT connection string](sit-defn-azure-iot-connection-string.md) +- [Azure publish setting password](sit-defn-azure-publish-setting-password.md) +- [Azure Redis cache connection 
string](sit-defn-azure-redis-cache-connection-string.md) +- [Azure SAS](sit-defn-azure-sas.md) +- [Azure service bus connection string](sit-defn-azure-service-bus-connection-string.md) +- [Azure storage account key](sit-defn-azure-storage-account-key.md) +- [Azure Storage account key (generic)](sit-defn-azure-storage-account-key-generic.md) +- [Azure Storage account Shared Access Signature](sit-defn-azure-storage-account-shared-access-signature.md) +- [Belgium drivers license number](sit-defn-belgium-drivers-license-number.md) +- [Belgium National Number](sit-defn-belgium-national-number.md) +- [Belgium passport number](sit-defn-belgium-passport-number.md) +- [Belgium value added tax number](sit-defn-belgium-value-added-tax-number.md) +- [Brazil CPF number](sit-defn-brazil-cpf-number.md) +- [Brazil legal entity number (CNPJ)](sit-defn-brazil-legal-entity-number.md) +- [Brazil national identification card (RG)](sit-defn-brazil-national-identification-card.md) +- [Bulgaria drivers license number](sit-defn-bulgaria-drivers-license-number.md) +- [Bulgaria passport number](sit-defn-bulgaria-passport-number.md) +- [Bulgaria Uniform Civil Number](sit-defn-bulgaria-uniform-civil-number.md) +- [Canada bank account number](sit-defn-canada-bank-account-number.md) +- [Canada drivers license number](sit-defn-canada-drivers-license-number.md) +- [Canada health service number](sit-defn-canada-health-service-number.md) +- [Canada Passport Number](sit-defn-canada-passport-number.md) +- [Canada personal health identification number (PHIN)](sit-defn-canada-personal-health-identification-number.md) +- [Canada Social Insurance Number](sit-defn-canada-social-insurance-number.md) +- [Chile Identity Card Number](sit-defn-chile-identity-card-number.md) +- [China resident identity card (PRC) number](sit-defn-china-resident-identity-card-number.md) +- [Credit Card Number](sit-defn-credit-card-number.md) +- [Croatia Driver's License Number](sit-defn-croatia-drivers-license-number.md) +- 
[Croatia Identity Card Number](sit-defn-croatia-identity-card-number.md) +- [Croatia Passport Number](sit-defn-croatia-passport-number.md) +- [Croatia Personal Identification (OIB) Number](sit-defn-croatia-personal-identification-number.md) +- [General Symmetric Key](sit-defn-general-symmetric-key.md) +- [Cyprus Driver's License Number](sit-defn-cyprus-drivers-license-number.md) +- [Cyprus Identity Card](sit-defn-cyprus-identity-card.md) +- [Cyprus Passport Number](sit-defn-cyprus-passport-number.md) +- [Cyprus Tax Identification Number](sit-defn-cyprus-tax-identification-number.md) +- [Czech drivers license number](sit-defn-czech-drivers-license-number.md) +- [Czech Personal Identity Number](sit-defn-czech-personal-identity-number.md) +- [Czech passport number](sit-defn-czech-passport-number.md) +- [Denmark Driver's License Number](sit-defn-denmark-drivers-license-number.md) +- [Denmark Passport Number](sit-defn-denmark-passport-number.md) +- [Denmark Personal Identification Number](sit-defn-denmark-personal-identification-number.md) +- [Drug Enforcement Agency (DEA) number](sit-defn-drug-enforcement-agency-number.md) +- [Estonia drivers license number](sit-defn-estonia-drivers-license-number.md#estonia-drivers-license-number) +- [Estonia Passport Number](sit-defn-estonia-passport-number.md) +- [Estonia Personal Identification Code](sit-defn-estonia-personal-identification-code.md) +- [EU Debit Card Number](sit-defn-eu-debit-card-number.md) +- [EU Driver's License Number](sit-defn-eu-drivers-license-number.md) +- [EU National Identification Number](sit-defn-eu-national-identification-number.md) +- [EU Passport Number](sit-defn-eu-passport-number.md) +- [EU Social Security Number (SSN) or Equivalent ID](sit-defn-eu-social-security-number-equivalent-identification.md) +- [EU Tax Identification Number (TIN)](sit-defn-eu-tax-identification-number.md) +- [Finland Driver's License Number](sit-defn-finland-drivers-license-number.md) +- [Finland European Health Insurance 
Number](sit-defn-finland-european-health-insurance-number.md) +- [Finland National ID](sit-defn-finland-national-id.md) +- [Finland Passport Number](sit-defn-finland-passport-number.md) +- [France Driver's License Number](sit-defn-france-drivers-license-number.md) +- [France Health Insurance Number](sit-defn-france-health-insurance-number.md) +- [France National ID Card (CNI)](sit-defn-france-national-id-card.md) +- [France Passport Number](sit-defn-france-passport-number.md) +- [France Social Security Number (INSEE)](sit-defn-france-social-security-number.md) +- [France Tax Identification Number (numéro SPI.)](sit-defn-france-tax-identification-number.md) +- [France Value Added Tax Number](sit-defn-france-value-added-tax-number.md) +- [German Driver's License Number](sit-defn-germany-drivers-license-number.md) +- [German Passport Number](sit-defn-germany-passport-number.md) +- [German Identity Card Number](sit-defn-germany-identity-card-number.md) +- [German Tax Identification Number](sit-defn-germany-tax-identification-number.md) +- [German Value Added Tax Number](sit-defn-germany-value-added-tax-number.md) +- [Greece Driver's License Number](sit-defn-greece-drivers-license-number.md) +- [Greece National ID Card](sit-defn-greece-national-id-card.md) +- [Greece Passport Number](sit-defn-greece-passport-number.md) +- [Greece Social Security Number (AMKA)](sit-defn-greece-social-security-number.md) +- [Greek Tax identification Number](sit-defn-greece-tax-identification-number.md) +- [Hong Kong Identity Card (HKID) Number](sit-defn-hong-kong-identity-card-number.md) +- [Hungary Social Security Number (TAJ)](sit-defn-hungary-social-security-number.md) +- [Hungary Value Added Tax Number](sit-defn-hungary-value-added-tax-number.md) +- [Hungary Driver's License Number](sit-defn-hungary-drivers-license-number.md) +- [Hungary Passport Number](sit-defn-hungary-passport-number.md) +- [Hungary Personal Identification Number](sit-defn-hungary-personal-identification-number.md) 
+- [Hungary Tax identification Number](sit-defn-hungary-tax-identification-number.md) +- [India Permanent Account Number (PAN)](sit-defn-india-permanent-account-number.md) +- [India Unique Identification (Aadhaar) Number](sit-defn-india-unique-identification-number.md) +- [Indonesia Identity Card (KTP) Number](sit-defn-indonesia-identity-card-number.md) +- [International Banking Account Number (IBAN)](sit-defn-international-banking-account-number.md) +- [International Classification of Diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md) +- [International Classification of Diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md) +- [IP Address](sit-defn-ip-address.md) +- [Ireland Driver's License Number](sit-defn-ireland-drivers-license-number.md) +- [Ireland Passport Number](sit-defn-ireland-passport-number.md) +- [Ireland Personal Public Service (PPS) Number](sit-defn-ireland-personal-public-service-number.md) +- [Israel Bank Account Number](sit-defn-israel-bank-account-number.md) +- [Israel National ID](sit-defn-israel-national-identification-number.md) +- [Italy Driver's License Number](sit-defn-italy-drivers-license-number.md) +- [Italy Fiscal Code](sit-defn-italy-fiscal-code.md) +- [Italy Passport Number](sit-defn-italy-passport-number.md) +- [Italy Value Added Tax Number](sit-defn-italy-value-added-tax-number.md) +- [Japan Bank Account Number](sit-defn-japan-bank-account-number.md) +- [Japan Driver's License Number](sit-defn-japan-drivers-license-number.md) +- [Japan Passport Number](sit-defn-japan-passport-number.md) +- [Japan Resident Registration Number](sit-defn-japan-resident-registration-number.md) +- [Japan Social Insurance Number (SIN)](sit-defn-japan-social-insurance-number.md) +- [Japan My Number Corporate](sit-defn-japan-my-number-corporate.md) +- [Japan My Number Personal](sit-defn-japan-my-number-personal.md) +- [Japan Residence Card Number](sit-defn-japan-residence-card-number.md) +- 
[Latvia Driver's License Number](sit-defn-latvia-drivers-license-number.md) +- [Latvia Passport Number](sit-defn-latvia-passport-number.md) +- [Latvia Personal Code](sit-defn-latvia-personal-code.md) +- [Lithuania Driver's License Number](sit-defn-lithuania-drivers-license-number.md) +- [Lithuania Passport Number](sit-defn-lithuania-passport-number.md) +- [Lithuania Personal Code](sit-defn-lithuania-personal-code.md) +- [Luxemburg drivers license number](sit-defn-luxemburg-drivers-license-number.md) +- [Luxemburg national identification number (natural persons)](sit-defn-luxemburg-national-identification-number-natural-persons.md) +- [Luxemburg national identification number (non-natural persons)](sit-defn-luxemburg-national-identification-number-non-natural-persons.md) +- [Luxemburg passport number](sit-defn-luxemburg-passport-number.md) +- [Malaysia Identity Card Number](sit-defn-malaysia-identification-card-number.md) +- [Malta Driver's License Number](sit-defn-malta-drivers-license-number.md) +- [Malta Identity Card Number](sit-defn-malta-identity-card-number.md) +- [Malta Passport Number](sit-defn-malta-passport-number.md) +- [Malta Tax ID Number](sit-defn-malta-tax-identification-number.md) +- [Netherlands Citizen's Service (BSN) Number](sit-defn-netherlands-citizens-service-number.md) +- [Netherlands Driver's License Number](sit-defn-netherlands-drivers-license-number.md) +- [Netherlands Passport Number](sit-defn-netherlands-passport-number.md) +- [Netherlands Tax Identification Number](sit-defn-netherlands-tax-identification-number.md) +- [Netherlands Value Added Tax Number](sit-defn-netherlands-value-added-tax-number.md) +- [New Zealand bank account Number](sit-defn-new-zealand-bank-account-number.md) +- [New Zealand Driver License Number](sit-defn-new-zealand-drivers-license-number.md) +- [New Zealand Inland Revenue Number](sit-defn-new-zealand-inland-revenue-number.md) +- [New Zealand Ministry of Health 
Number](sit-defn-new-zealand-ministry-of-health-number.md) +- [New Zealand Social Welfare Number](sit-defn-new-zealand-social-welfare-number.md) +- [Norway Identity Number](sit-defn-norway-identification-number.md) +- [Philippines Unified Multi-Purpose ID Number](sit-defn-philippines-unified-multi-purpose-identification-number.md) +- [Poland Driver's License Number](sit-defn-poland-drivers-license-number.md) +- [Poland Identity Card](sit-defn-poland-identity-card.md) +- [Poland National ID (PESEL)](sit-defn-poland-national-id.md) +- [Poland Passport](sit-defn-poland-passport-number.md) +- [Poland Tax Identification Number](sit-defn-poland-tax-identification-number.md) +- [Polish REGON Number](sit-defn-poland-regon-number.md) +- [Portugal Citizen Card Number](sit-defn-portugal-citizen-card-number.md) +- [Portugal Driver's License Number](sit-defn-portugal-drivers-license-number.md) +- [Portugal Passport Number](sit-defn-portugal-passport-number.md) +- [Portugal Tax Identification Number](sit-defn-portugal-tax-identification-number.md) +- [Romania Driver's License Number](sit-defn-romania-drivers-license-number.md) +- [Romania Passport Number](sit-defn-romania-passport-number.md) +- [Romania Personal Numerical Code (CNP)](sit-defn-romania-personal-numeric-code.md) +- [Russian Passport Number (Domestic)](sit-defn-russia-passport-number-domestic.md) +- [Russian Passport Number (International)](sit-defn-russia-passport-number-international.md) +- [Saudi Arabia National ID](sit-defn-saudi-arabia-national-id.md) +- [Singapore national registration identity card (NRIC) number](sit-defn-singapore-national-registration-identity-card-number.md) +- [Slovakia Driver's License Number](sit-defn-slovakia-drivers-license-number.md) +- [Slovakia Passport Number](sit-defn-slovakia-passport-number.md) +- [Slovakia Personal Number](sit-defn-slovakia-personal-number.md) +- [Slovenia Driver's License Number](sit-defn-slovenia-drivers-license-number.md) +- [Slovenia Passport 
Number](sit-defn-slovenia-passport-number.md) +- [Slovenia Tax Identification Number](sit-defn-slovenia-tax-identification-number.md) +- [Slovenia Unique Master Citizen Number](sit-defn-slovenia-unique-master-citizen-number.md) +- [South Africa Identification Number](sit-defn-south-africa-identification-number.md) +- [South Korea Resident Registration Number](sit-defn-south-korea-resident-registration-number.md) +- [Spain DNI](sit-defn-spain-dni.md) +- [Spain Driver's License Number](sit-defn-spain-drivers-license-number.md) +- [Spain Passport Number](sit-defn-spain-passport-number.md) +- [Spain Social Security Number (SSN)](sit-defn-spain-social-security-number.md) +- [Spain Tax Identification Number](sit-defn-spain-tax-identification-number.md) +- [SQL Server Connection String](sit-defn-sql-server-connection-string.md) +- [Sweden Driver's License Number](sit-defn-sweden-drivers-license-number.md) +- [Sweden National ID](sit-defn-sweden-national-id.md) +- [Sweden Passport Number](sit-defn-sweden-passport-number.md) +- [Sweden Tax Identification Number](sit-defn-sweden-tax-identification-number.md) +- [SWIFT Code](sit-defn-swift-code.md) +- [Swiss Social Security Number AHV](sit-defn-switzerland-ssn-ahv-number.md) +- [Taiwan National ID](sit-defn-taiwan-national-identification-number.md) +- [Taiwan Passport Number](sit-defn-taiwan-passport-number.md) +- [Taiwan Resident Certificate (ARC/TARC)](sit-defn-taiwan-resident-certificate-number.md) +- [Thai Population Identification Code](sit-defn-thai-population-identification-code.md) +- [Turkish National Identification number](sit-defn-turkey-national-identification-number.md) +- [U.K. Driver's License Number](sit-defn-uk-drivers-license-number.md) +- [U.K. Electoral Roll Number](sit-defn-uk-electoral-roll-number.md) +- [U.K. National Health Service Number](sit-defn-uk-national-health-service-number.md) +- [U.K. National Insurance Number (NINO)](sit-defn-uk-national-insurance-number.md) +- [U.K. 
Unique Taxpayer Reference Number](sit-defn-uk-unique-taxpayer-reference-number.md) +- [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md) +- [U.S. bank account number](sit-defn-us-bank-account-number.md) +- [U.S. drivers license number](sit-defn-us-drivers-license-number.md) +- [U.S. individual taxpayer identification number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) +- [U.S. social security number (SSN)](sit-defn-us-social-security-number.md) +- [Ukraine passport domestic](sit-defn-ukraine-passport-domestic.md) +- [Ukraine passport international](sit-defn-ukraine-passport-international.md) ++Custom sensitive information types will also be detected in addition to the above out-of-the-box sensitive information types. ## Support Matrix for DLP policy tips across Microsoft apps |**App and platform**|**DLP policy tip support**|**Sensitive information types supported**|**Conditions and actions supported**|**Comments**| |:--|:--|:--|:--|:--| |**Outlook On the Web**|:::image type="icon" source="../medi)|-|**Outlook Win32 (ver. 2105 build 14026.20000 and semi-annual channel ver. 2102 build 13801.20862)**|:::image type="icon" source="../media/rightmrk.png" border="false":::|all SITS are supported for E5 users; pre-configured SITs and customer SITs are supported for E3 users|subset|See [Outlook 2013 and later supports showing policy tips for only some conditions](#outlook-2013-and-later-supports-showing-policy-tips-for-only-some-conditions) and [Outlook 2013 and later and Office apps on Desktop support showing policy tips for only some sensitive information types](#outlook-2013-and-later-and-office-apps-on-desktop-support-showing-policy-tips-for-only-some-sensitive-information-types) for details on support for sensitive information types and DLP conditions and actions supported for showing DLP policy tips on Outlook Win32.| +|**Outlook for Microsoft 365 (ver. 2105 build 14026.20000 and semi-annual channel ver. 
2102 build 13801.20862)**|:::image type="icon" source="../medi)| |**Outlook Mobile (iOS, Android)/Outlook Mac**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|DLP policy tips aren't supported on Outlook mobile| |**Outlook Mac**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|DLP policy tips are not supported on Outlook for Mac| |**SharePoint Online/OneDrive for Business Web client**|:::image type="icon" source="../media/rightmrk.png" border="false":::|all|all SPO/ODB predicates and actions in DLP|| Custom sensitive information types (SITs) will also be detected in addition to t |**macOS devices**|default tips only|all|subset|Data loss prevention policies are enforceable on macOS devices. Custom policy tips aren't supported.| |**3rd party cloud apps**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|Data Loss Prevention policy tips aren't supported on third party cloud apps| |**On-prem**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none||-|**Word, Excel, PowerPoint Win32 Client**|:::image type="icon" source="../medi#policy-tips-in-excel-powerpoint-and-word) for more details| +|**Word, Excel, PowerPoint Win32 Client**|:::image type="icon" source="../medi#policy-tips-in-excel-powerpoint-and-word) for more details| |**Power BI**|:::image type="icon" source="../media/crsmrk.png" border="false":::|subset|subset|Data loss prevention policies in Power BI are in Public Preview. </br></br> Policy tips and admin alerts are supported. | |
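Review bot: The renamed Outlook row in the support matrix now reads "Outlook for Microsoft 365", while the "Word, Excel, PowerPoint Win32 Client" row is re-added with its Win32 label unchanged, so the table mixes two naming schemes for desktop clients. Pick one convention for both rows, and check that the Comments cell of the Outlook row no longer refers to "Outlook Win32" as the removed version does.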
compliance | Retention Policies Sharepoint | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md | f1.keywords: Previously updated : 04/26/2023 Last updated : 06/29/2023 audience: Admin To safeguard against the original file being deleted or moved by users before th ## How retention works with OneNote content -When you apply a retention policy to a location that includes OneNote content, or a retention label to a OneNote folder, behind the scenes, the different OneNote sections are individual files that inherit the retention settings. This means that each section will be individually retained and deleted, according to the retention settings you specify. +When you apply a retention policy to a location that includes OneNote content, or a retention label to a OneNote folder, the different OneNote sections inherit the retention settings as individual files. Pages from each section are contained within the file and inherit the retention settings from their parent section. ++Because of this structure, each section will be individually retained and deleted (with all its pages), according to the retention settings you specify. Only sections are impacted by the retention settings that you specify. For example, although you see a **Modified** date for each individual notebook, this date is not used by Microsoft 365 retention. + ## How retention works with document versions Versioning is a feature of all document lists and libraries in SharePoint and OneDrive. By default, versioning retains a minimum of 500 major versions, although you can change this limit. For more information, see [Enable and configure versioning for a list or library](https://support.office.com/article/1555d642-23ee-446a-990a-bcab618c7a37) and [How versioning works in lists and libraries](https://support.microsoft.com/office/how-versioning-works-in-lists-and-libraries-0f6cd105-974f-44a4-aadb-43ac5bdfd247). |
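Review bot: The new OneNote paragraph says the notebook-level **Modified** date "is not used by Microsoft 365 retention" but never states which date is used for a section, so a reader still can't tell when a section's retention period starts. Add a sentence naming the date that applies to section files, or link to where that is defined.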
compliance | Retention | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md | Retention labels can be published to different locations, depending on what the | If the retention label is... | Then the label policy can be applied to... | |:--|:--| |Published to admins and end users |Exchange, SharePoint, OneDrive, Microsoft 365 Groups |-|Auto-applied based on sensitive information types or trainable classifiers |Exchange, SharePoint, OneDrive | -|Auto-applied based on keywords or a query |Exchange, SharePoint, OneDrive, Microsoft 365 Groups | -|Auto-applied to cloud attachments |SharePoint, OneDrive, Microsoft 365 Groups | +|Auto-applied based on sensitive information types, keywords or a query, or trainable classifiers |Exchange, SharePoint, OneDrive, Microsoft 365 Groups | +|Auto-applied to cloud attachments |SharePoint, OneDrive, Microsoft 365 Groups | Exchange public folders, Skype, Teams and Yammer messages don't support retention labels. To retain and delete content from these locations, use retention policies instead. |
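Review bot: Merging the three auto-apply rows into one changes more than layout. Labels auto-applied based on sensitive information types or trainable classifiers were previously listed for "Exchange, SharePoint, OneDrive" only, and the merged row now adds Microsoft 365 Groups for them. If that expanded support is intended, say so in the change description; if not, keep the sensitive information types and trainable classifiers row separate.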
enterprise | Setup Guides For Microsoft 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/setup-guides-for-microsoft-365.md | Advanced deployment guides in the admin center require authentication to a Micro |**Guide - [Setup Portal](https://go.microsoft.com/fwlink/?linkid=2220880)** |**Guide - [Admin Center](https://go.microsoft.com/fwlink/?linkid=2224913)** |**Description** | ||||-|[Deploy employee experience with Microsoft Viva](https://go.microsoft.com/fwlink/?linkid=2223653)|[Deploy employee experience with Microsoft Viva](https://go.microsoft.com/fwlink/?linkid=2224787)|Viva is an integrated, employee experience platform (EXP) that brings together communications, knowledge, learning, resources, and insights into the flow of work and fosters a culture where people and teams thrive and are empowered to be their best from anywhere. You can use the steps and guidance in the guides linked here to deploy one or more Viva apps and achieve better employee engagement throughout your organization.| +|[Deploy employee experience with Microsoft Viva](https://go.microsoft.com/fwlink/?linkid=2241022)|[Deploy employee experience with Microsoft Viva](https://go.microsoft.com/fwlink/?linkid=2224787)|Viva is an integrated, employee experience platform (EXP) that brings together communications, knowledge, learning, resources, and insights into the flow of work and fosters a culture where people and teams thrive and are empowered to be their best from anywhere. 
You can use the steps and guidance in the guides linked here to deploy one or more Viva apps and achieve better employee engagement throughout your organization.| +|[Enable Microsoft Viva Connections](https://go.microsoft.com/fwlink/?linkid=2222984) |[Enable Microsoft Viva Connections](https://go.microsoft.com/fwlink/?linkid=2224697) | Encourage meaningful connections while fostering a culture of inclusion and aligning the entire organization around your vision, mission, and strategic priorities. | +|[Enable Microsoft Viva Engage](https://go.microsoft.com/fwlink/?linkid=2223067) | [Enable Microsoft Viva Engage](https://go.microsoft.com/fwlink/?linkid=2224797) | Bring people together across the organization to connect with leaders, coworkers, and communities; crowdsource answers and ideas; share their work and experience; and find belonging at work. | +|[Enable Microsoft Viva Goals](https://go.microsoft.com/fwlink/?linkid=2222980) | [Enable Microsoft Viva Goals](https://go.microsoft.com/fwlink/?linkid=2224796) | Align teams with your organization's strategic priorities, driving results and a thriving business. | +|[Enable ΓÇÄMicrosoft Viva Insights](https://go.microsoft.com/fwlink/?linkid=2240668) | [Enable ΓÇÄMicrosoft Viva Insights](https://go.microsoft.com/fwlink/?linkid=2224795) | Viva InsightsΓÇÄ helps improve productivity and wellbeing through data-driven, privacy-protected insights and recommendations. | +|[Enable Microsoft Viva Learning](https://go.microsoft.com/fwlink/?linkid=2223163) |[Enable Microsoft Viva Learning](https://go.microsoft.com/fwlink/?linkid=2225000) | Bring enterprise learning into the flow of work by connecting content from your organization, learning management systems, non-ΓÇÄMicrosoftΓÇÄ providers, and ΓÇÄMicrosoftΓÇÄ. 
| +|[Enable Microsoft Viva Topics](https://go.microsoft.com/fwlink/?linkid=2222986) |[Enable Microsoft Viva Topics](https://go.microsoft.com/fwlink/?linkid=2224826) | Use AI to automatically organize content and expertise across your systems and teams into related topics, like projects, products, processes, and customers. | |[Microsoft 365 Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2234169)|[Microsoft 365 Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2233871)|The **Microsoft 365 Apps setup guide** provides comprehensive guidance for setting up and deploying the latest versions of Office products like Word, Excel, PowerPoint, and OneNote on your users' devices. You'll be walked through the activation process for your Microsoft 365 product key, as well as various deployment methods including easy self-install options and enterprise deployments with management tools. Additionally, the guide offers instructions on assessing your environment, determining your specific deployment requirements, and implementing the necessary support tools to ensure a successful installation.| ||[Mobile apps setup guide](https://go.microsoft.com/fwlink/?linkid=2224813)|The **Mobile apps setup guide** provides instructions for the download and installation of Office apps on your Windows, iOS, and Android mobile devices. This guide provides you with step-by-step information to download and install Microsoft 365 and Office 365 apps on your phone and tablet devices.| |[Microsoft Teams setup guide]( https://go.microsoft.com/fwlink/?linkid=2222975)|[Microsoft Teams setup guide](https://go.microsoft.com/fwlink/?linkid=2224815)|The **Microsoft Teams setup guide** provides your organization with guidance to set up team workspaces that host real-time conversations through messaging, calls, and audio or video meetings for both team and private communication. 
Use the tools in this guide to configure Guest access, set who can create teams, and add team members from a .csv file, all without the need to open a PowerShell session. You'll also get best practices for determining your organization's network requirements and ensuring a successful Teams deployment.| |
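Review bot: The added Viva Insights and Viva Learning rows carry stray mis-encoded characters around the product names ("Enable ΓÇÄMicrosoft Viva Insights", "Viva InsightsΓÇÄ helps", "non-ΓÇÄMicrosoftΓÇÄ providers") that the other new Viva rows don't have; they look like invisible marks pasted in with the text and should be stripped. Also, only the Setup Portal link of the "Deploy employee experience with Microsoft Viva" row changes (linkid 2223653 to 2241022) while the Admin Center link stays at 2224787, so confirm both columns still open the same guide.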
security | Mdb Admin Guide | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-admin-guide.md | - Title: "Tenant administration guide for Microsoft Defender for Business"-- NOCSH------ Previously updated : 05/25/2023--- m365-security-- tier2--- MiniMaven-- BCS160-- MET150 -description: "Get an overview of tasks your administrators perform to maintain your Microsoft Defender for Business environment." ---# Microsoft Defender for Business tenant administration guide --Maintaining your Defender for Business environment includes managing user accounts, managing devices, and keeping things up to date and working correctly. Use this article as an admin guide for your organization. --Many admin tasks can be performed in the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)), although some tasks, such as adding/removing devices, can be performed in other portals (such as the Microsoft 365 Defender portal or the Microsoft Intune admin center). --If you're new to Microsoft 365, take a moment to get an [Overview of the Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview). 
--## General tasks --| Task | Resources to learn more | -|:|:| -| Get started using the Microsoft 365 admin center | [Overview of the Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview) | -| Learn about new features in the Microsoft 365 admin center | [What's new in the Microsoft 365 admin center](/microsoft-365/admin/whats-new-in-preview) | -| Find out about new product updates and features so you can help prepare users | [Stay on top of Microsoft 365 product and feature changes](/microsoft-365/admin/manage/stay-on-top-of-updates) | -| View usage reports to see how people are using Microsoft 365 | [Microsoft 365 Reports in the admin center](/microsoft-365/admin/activity-reports/activity-reports) | -| Open a technical support ticket | [Get support for Microsoft 365 for business](/microsoft-365/admin/get-help-support) | --## Users, groups, and passwords --| Task | Resources to learn more | -|:|:| -| Add a new user | [Add a new employee to Microsoft 365](/microsoft-365/admin/add-users/add-new-employee) | -| Assign licenses to users | [Assign Microsoft 365 licenses to users in the Microsoft 365 admin center](/microsoft-365/admin/manage/assign-licenses-to-users) <br/>[Assign Microsoft 365 licenses to user accounts by using PowerShell](/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell) | -| Assign admin roles to people who need admin permissions | [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles) <br/>[Assign admin roles to Microsoft 365 user accounts with PowerShell](/microsoft-365/enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell)| -| Remove licenses from users | [Unassign Microsoft 365 licenses from users in the Microsoft 365 admin center](/microsoft-365/admin/manage/remove-licenses-from-users)<br/>[Remove Microsoft 365 licenses from user accounts with 
PowerShell](/microsoft-365/enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell) | -| Remove a user account when someone leaves your organization | [Overview: Remove a former employee and secure data](/microsoft-365/admin/add-users/remove-former-employee) | -| Reset passwords for user accounts | [Reset passwords in Microsoft 365 for business](/microsoft-365/admin/add-users/reset-passwords) | --## Devices --| Task | Resources to learn more | -|:|:| -| View current status of and manage devices | [Manage devices in Defender for Business](mdb-manage-devices.md) | -| Onboard devices to Defender for Business | [Onboard devices to Defender for Business](mdb-onboard-devices.md) | -| Offboard devices from Defender for Business | [Offboard a device from Defender for Business](mdb-offboard-devices.md) | -| Manage devices with Intune | [What does device management with Intune mean?](/mem/intune/fundamentals/what-is-device-management)<br/>[Manage your devices and control device features in Microsoft Intune](/mem/intune/fundamentals/manage-devices) | --## Subscriptions and billing --| Task | Resources to learn more | -|:|:| -| View your bill or invoice | [View your Microsoft 365 for business subscription bill or invoice](/microsoft-365//commerce/billing-and-payments/view-your-bill-or-invoice) | -| Manage your payment methods | [Manage payment methods](/microsoft-365/commerce/billing-and-payments/manage-payment-methods) | -| Change the frequency of your payments | [Change your Microsoft 365 subscription billing frequency](/microsoft-365/commerce/billing-and-payments/change-payment-frequency) | -| Change your billing address | [Change your Microsoft 365 for business billing addresses](/microsoft-365/commerce/billing-and-payments/change-your-billing-addresses) | -| Upgrade your subscription | [Try or buy Microsoft 365 Business Premium](../../business-premium/m365-business-premium-setup.md#sign-up-for-microsoft-365-business-premium) | -| Add Microsoft Intune 
to your subscription<br/>(for additional security capabilities) | [Get an overview of Intune](/mem/intune/fundamentals/what-is-intune) <br/>[Microsoft Intune Plans and Pricing](https://www.microsoft.com/en-us/security/business/microsoft-intune-pricing) | -| Try Defender for Office 365 <br/>(to protect email and collaboration content) | [Try Microsoft Defender for Office 365](../office-365-security/try-microsoft-defender-for-office-365.md) | --## See also --- [Maintain your Defender for Business environment](mdb-maintain-environment.md)-- [Microsoft 365 admin center help](/microsoft-365/admin/index)-- [Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business](../../business-premium/index.md) |
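Review bot: This removes the whole Defender for Business tenant administration guide, including the Devices table that links to mdb-manage-devices.md, mdb-onboard-devices.md and mdb-offboard-devices.md, and nothing in the visible change shows a redirect or a replacement article. Add a redirect for mdb-admin-guide.md and make sure the onboarding and offboarding tasks stay reachable from mdb-maintain-environment.md, which this page listed under See also.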
security | Mdb Security Admin Guide | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-security-admin-guide.md | - Title: "Security administration guide for Microsoft Defender for Business"-- NOCSH------ Previously updated : 05/25/2023--- m365-security-- tier2--- MiniMaven-- BCS160-- MET150 -description: "Learn about tasks that security admins perform with Microsoft Defender for Business." ---# Microsoft Defender for Business security administration guide --Security administrators (also referred to as *security admins*) perform various tasks, such as: --- Defining or editing security policies-- Onboarding or offboarding devices-- Taking steps to protect high-risk user accounts or devices--The following table lists common tasks that security admins typically perform, with links to more detailed information. --| Task | Description | -||| -| **Manage false positives/negatives** | A false positive is an entity, such as a file or a process that was detected and identified as malicious even though the entity isn't actually a threat. A false negative is an entity that wasn't detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including Defender for Business. Fortunately, steps can be taken to address and reduce these kinds of issues. <br/><br/>See [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives). | -| **Strengthen your security posture** | Defender for Business includes a vulnerability management dashboard that provides you with exposure score and enables you to view information about exposed devices and see relevant security recommendations. You can use your Defender Vulnerability Management dashboard to reduce exposure and improve your organization's security posture. 
<br/><br/>See the following articles:<br/>- [Use your vulnerability management dashboard in Defender for Business](mdb-view-tvm-dashboard.md)<br/>- [Dashboard insights](/microsoft-365/security/defender-vulnerability-management/tvm-dashboard-insights) | -| **Adjust security policies** | [Reports](mdb-reports.md) are available so that you can view information about detected threats, device status, and more. Sometimes it's necessary to adjust your security policies. For example, you might apply strict protection to some user accounts or devices, and standard protection to others. <br/><br/>See [View or edit policies in Defender for Business](mdb-view-edit-create-policies.md). | -| **Protect high-risk devices** | The overall risk assessment of a device is based on a combination of factors, such as the types and severity of active alerts on the device. As your security team resolves active alerts, approves remediation activities, and suppresses subsequent alerts, the risk level decreases. <br/><br/>See [Manage devices in Defender for Business](mdb-manage-devices.md). | -| **Onboard or offboard devices** | As devices are replaced or retired, new devices are purchased, or your business needs change, you can onboard or offboard devices from Defender for Business. <br/><br/>See the following articles: <br/>- [Onboard devices to Defender for Business](mdb-onboard-devices.md) <br/>- [Offboard a device from Defender for Business](mdb-offboard-devices.md) | --## See also --- [Defender for Business security operations guide](mdb-security-operations-guide.md)-- [Maintain your Defender for Business environment](mdb-maintain-environment.md) |
security | Mdb Security Operations Guide | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-security-operations-guide.md | - Title: "Security operations guide for Microsoft Defender for Business"-- NOCSH------ Previously updated : 05/25/2023--- m365-security-- tier2--- MiniMaven-- BCS160-- MET150 -description: "Learn about daily, weekly, monthly, and as needed tasks for your security team to perform with Defender for Business." ---# Microsoft Defender for Business security operations guide --If you're new to Defender for Business, or if your business doesn't have a security operations guide in place yet, use this article as a starting point. If you do already have a security operations guide, review it against the recommendations in this article. --You can use this guidance to make decisions about security incident priorities and tasks your security team will perform in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). --## Security operations tasks to perform --### Daily tasks --| Task | Description | -||| -| **Check your threat vulnerability management dashboard** | Get a snapshot of threat vulnerability by looking at your vulnerability management dashboard, which reflects how vulnerable your organization is to cybersecurity threats. A high exposure score means your devices are more vulnerable to exploitation. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Vulnerability management > Dashboard**.<br/><br/>2. Take a look at your **Organization exposure score**. If it's in the acceptable or "High" range, you can move on. If it isn't, select **Improve score** to see more details and security recommendations to improve this score. 
<br/><br/>Being aware of your exposure score helps you to:<br/>- Quickly understand and identify high-level takeaways about the state of security in your organization<br/>- Detect and respond to areas that require investigation or action to improve the current state<br/>- Communicate with peers and management about the impact of security efforts | -| **Review pending actions in the Action center** | As threats are detected, [remediation actions](#remediation-actions-in-defender-for-business) come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval, which is why these should be monitored regularly. Remediation actions are tracked in the Action center.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Action center**.<br/><br/>2. Select the **Pending** tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus or antimalware protection, automated investigations, manual response activities, or live response sessions.<br/><br/>3. Select the **History** tab to view a list of completed actions.| -| **Review devices with threat detections** | When threats are detected on devices, your security team needs to know so that any needed actions, such as isolating a device, can be taken promptly. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports > General > Security report**.<br/><br/>2. Scroll down to the **Vulnerable devices** row. If threats were detected on devices, you'll see that information in this row.| -| **Learn about new incidents or alerts** | As threats are detected and alerts are triggered, incidents are created. 
Your company's security team can view and manage incidents in the Microsoft 365 Defender portal.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.<br/><br/>2. Select an alert to open its flyout pane, where you can learn more about the alert.<br/><br/>3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert. | -| **Run a scan or automated investigation** | Your security team can initiate a scan or an automated investigation on a device that has a high risk level or detected threats. Depending on the results of the scan or automated investigation, [remediation actions](#remediation-actions-in-defender-for-business) can occur automatically or upon approval.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Assets** > **Devices**.<br/><br/>2. Select a device to open its flyout panel, and review the information that is displayed.<br/>- Select the ellipsis (...) to open the actions menu.<br/>- Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**. | --## Weekly tasks --| Task | Description | -||| -| **Monitor and improve your security score** | Microsoft Secure Score is a measurement of your organization's security posture. Higher numbers indicate that fewer improvement actions are needed. 
By using Secure Score, you can: <br/>- Report on the current state of your organization's security posture.<br/>- Improve your security posture by providing discoverability, visibility, guidance, and control.<br/>- Compare with benchmarks and establish key performance indicators (KPIs).<br/><br/>To check your score, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**. <br/><br/>2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score. | -| **Improve your secure score for devices** | Improve your security configuration by remediating issues using the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities going forward. It's always worth the time it takes to review and improve your score.<br/><br/>To check your secure score, follow these steps: <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.<br/><br/>2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.<br/><br/>3.Select an item on the list to display details related to the recommendation.<br/><br/>4. Select **Remediation options**.<br/><br/>5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.<br/><br/>6. 
Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.<br/><br/>7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.<br/><br/>8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving. | --### Monthly tasks --| Task | Description | -||| -| **Run security reports** | Several reports are available in the Microsoft 365 Defender portal.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Reports**.<br/><br/>2. Choose a report to review. Each report displays many pertinent categories for that report.<br/><br/>3. Select **View details** to see deeper information for each category.<br/><br/>4. Select the title of a particular threat to see details specific to it.| -| **Run a simulation tutorial** | It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft 365 Defender portal. The tutorials cover several types of cyber threats. To get started, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.<<br/><br/>2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions. | -| **Explore the Learning hub** | Use the Learning hub to increase your knowledge of cybersecurity threats and how to address them. 
We recommend exploring the resources that are offered, especially in the Microsoft 365 Defender and Endpoints sections.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.<br/><br/>2. Select an area, such as **Microsoft 365 Defender** or **Endpoints**.<br/><br/>3. Select an item to learn more about each concept. <br/><br/>Note that some resources in the Learning hub might cover functionality that isn't actually included in Defender for Business. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft 365 Defender, but not in Defender for Business. [Compare security features in Microsoft 365 plans for small and medium-sized businesses](compare-mdb-m365-plans.md). | --### Tasks to perform as needed --| Task | Description | -||| -| **Use the Threat analytics dashboard** | Use the threat analytics dashboard to get an overview of the current threat landscape by highlighting reports that are most relevant to your organization. <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Threat analytics** to display the Threat analytics dashboard. The dashboard summarizes the threats into the following sections:<br/>- **Latest threats** lists the most recently published or updated threat reports, along with the number of active and resolved alerts.<br/>- **High-impact threats** lists the threats that have the highest impact to your organization. This section lists threats with the highest number of active and resolved alerts first.<br/>- **Highest exposure** lists threats with the highest exposure levels first. 
The exposure level of a threat is calculated using two pieces of information: how severe the vulnerabilities associated with the threat are, and how many devices in your organization could be exploited by those vulnerabilities.<br/><br/>3. Select the title of the one you want to investigate, and read the associated report.<br/><br/>4. You can also review the full Analyst report for more details, or select other headings to view the related incidents, impacted assets, and exposure and mitigations.| -| **Remediate an item** | Defender for Business includes several [remediation actions](#remediation-actions-in-defender-for-business). Some actions are taken automatically, and others await approval by your security team.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.<br/><br/>2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item.<br/><br/>3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions.<br/><br/>4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device. 
| ---## Remediation actions in Defender for Business --The following table summarizes remediation actions that are available in Defender for Business: --| Source | Actions | -||| -| **Automated investigations** | Quarantine a file<br/>Remove a registry key<br/>Kill a process<br/>Stop a service<br/>Disable a driver<br/>Remove a scheduled task | -| **Manual response actions** | Run antivirus scan<br/>Isolate device<br/>Add an indicator to block or allow a file | -| **Live response** | <br/>Collect forensic data<br/>Analyze a file<br/>Run a script<br/>Send a suspicious entity to Microsoft for analysis<br/>Remediate a file<br/>Proactively hunt for threats | ---## See also --- [Maintain your Defender for Business environment](mdb-maintain-environment.md)-- [Defender for Business security administration guide](mdb-security-admin-guide.md) |
security | Defender Endpoint Plan 1 2 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2.md | Title: Compare Microsoft endpoint security plans description: Compare Microsoft endpoint security plans, such as Defender for Endpoint Plan 1 to Defender for Endpoint Plan 2. Learn about the differences between the plans and select the plan that suits your organization's needs. -keywords: Defender for Endpoint, advanced threat protection, endpoint protection, endpoint security, device security, cybersecurity search.appverid: MET150 audience: ITPro Previously updated : 06/19/2023 Last updated : 06/29/2023 ms.localizationpriority: medium You can also use a newly added license usage report to track status. Defender for Endpoint Plan 1 and 2, Defender for Business, and Microsoft 365 Business Premium don't include server licenses. To onboard servers, choose from the following options: - **Microsoft Defender for Servers Plan 1 or Plan 2** (*recommended for enterprise customers*) as part of the [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) offering. To learn more. see [Overview of Microsoft Defender for Servers](/azure/defender-for-cloud/defender-for-servers-introduction).+- **Microsoft Defender for Endpoint for Servers** (*recommended for enterprise customers*). To learn more, see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md). - **Microsoft Defender for Business servers** (*recommended for small and medium-sized businesses who have [Microsoft Defender for Business](../defender-business/mdb-overview.md)*). To learn more, see [How to get Microsoft Defender for Business servers](../defender-business/get-defender-business.md#how-to-get-microsoft-defender-for-business-servers). -> [!NOTE] -> Microsoft Defender for Endpoint for Servers is no longer available. 
If you previously purchased these licenses, consider moving to [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction). - ## Start a trial - To try Defender for Endpoint, go to the [Defender for Endpoint trial sign-up page](https://go.microsoft.com/fwlink/p/?LinkID=2168109). |
security | Defender Endpoint Plan 1 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1.md | Most organizations use various devices and operating systems. Defender for Endpo Servers require an additional license, such as: - **Microsoft Defender for Servers Plan 1 or Plan 2** (*recommended for enterprise customers*) as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) offering. To learn more. see [Overview of Microsoft Defender for Servers](/azure/defender-for-cloud/defender-for-servers-introduction).+- **Microsoft Defender for Endpoint for Servers** (*recommended for enterprise customers*). To learn more, see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md). - **Microsoft Defender for Business servers** (*for small and medium-sized businesses who have [Microsoft Defender for Business](../defender-business/mdb-overview.md)*). To learn more, see [How to get Microsoft Defender for Business servers](../defender-business/get-defender-business.md#how-to-get-microsoft-defender-for-business-servers). --> [!NOTE] -> Microsoft Defender for Endpoint for Servers is no longer available. If you previously purchased these licenses, consider moving to [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction). -> See [Microsoft licensing and product terms](https://www.microsoft.com/en-us/licensing/product-licensing/products). +See [Microsoft licensing and product terms](https://www.microsoft.com/en-us/licensing/product-licensing/products). ## Next steps |
security | Import Export Exploit Protection Emet Xml | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/import-export-exploit-protection-emet-xml.md | Title: Import, export, and deploy exploit protection configurations description: Use Group Policy to deploy mitigations configuration. -keywords: Exploit protection, mitigations, import, export, configure, convert, conversion, deploy, install -ms.pagetype: security -ms.sitesec: library ms.localizationpriority: medium audience: ITPro You can use Group Policy to deploy the configuration you've created to multiple 2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**. -3. Expand the tree to **Windows components** \> **Windows Defender Exploit Guard** \> **Exploit protection**. +3. Expand the tree to **Windows components** \> **Microsoft Defender Exploit Guard** \> **Exploit protection**. :::image type="content" source="../../media/exp-prot-gp.png" alt-text="The group policy setting for exploit protection" lightbox="../../media/exp-prot-gp.png"::: |
security | Mac Whatsnew | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-whatsnew.md | Title: What's new in Microsoft Defender for Endpoint on Mac description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint on Mac. -keywords: microsoft, defender, Microsoft Defender for Endpoint, mac, installation, macos, whatsnew, big sur, monterey, ventura, mde for mac -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium Previously updated : 01/17/2023 Last updated : 06/29/2023 audience: ITPro For more information on Microsoft Defender for Endpoint on other operating syste Tamper protection will extend to macOS devices and will be turned on in block mode by default to help secure your Mac against threats. To learn more, see [Protect macOS security settings with tamper protection](built-in-protection.md). +**Network protection available for macOS** ++Network protection for macOS is now available for all Mac devices onboarded to Defender for Endpoint. Devices must meet the minimum requirements. To learn more, see [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos). + **Known issues** Apple has fixed an issue on macOS [Ventura upgrade](<https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes>), which is fixed with the latest OS update. The issue impacts Microsoft Defender for Endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting its ability to function properly.<br> |
security | Anti Malware Protection About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection-about.md | There are certain types of files that you really shouldn't send via email (for e - The default file types: `ace, apk, app, appx, ani, arj, bat, cab, cmd,com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z`. -- Additional predefined file types that you can select from in the Microsoft 365 Defender portal<sup>\*</sup>: `7z, 7zip, a, accdb, accde, action, ade, adp, appxbundle, asf, asp, aspx, avi, bin, bundle, bz, bz2, bzip2, cab, caction, cer, chm, command, cpl, crt, csh, css, der, dgz, dmg, doc, docx, dot, dotm, dtox, dylib, font, gz, gzip, hlp, htm, html, imp, inf, ins, ipa, isp, its, jnlp, js, jse, ksh, lqy, mad, maf, mag, mam, maq, mar, mas, mat, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht, mhtml, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msixbundle, o, obj, odp, ods, odt, one, onenote, ops, package, pages, pbix, pdb, pdf, php, pkg, plugin, pps, ppsm, ppsx, ppt, pptm, pptx, prf, prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py, rar, rpm, rtf, scpt, service, sh, shb, shtm, shx, so, tar, tarz, terminal, tgz, tool, url, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, workflow, ws, xhtml, xla, xlam, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, zi, zip, zipx`.+- Additional predefined file types that you can select from in the Microsoft 365 Defender portal<sup>\*</sup>: `7z, 7zip, a, accdb, accde, action, ade, adp, appxbundle, asf, asp, aspx, avi, bin, bundle, bz, bz2, bzip2, cab, caction, cer, chm, command, cpl, crt, csh, css, der, dgz, dmg, doc, docx, dot, dotm, dotx, dylib, font, gz, gzip, hlp, htm, html, imp, inf, ins, ipa, isp, its, jnlp, js, jse, ksh, lqy, mad, maf, mag, mam, 
maq, mar, mas, mat, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht, mhtml, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msixbundle, o, obj, odp, ods, odt, one, onenote, ops, package, pages, pbix, pdb, pdf, php, pkg, plugin, pps, ppsm, ppsx, ppt, pptm, pptx, prf, prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py, rar, rpm, rtf, scpt, service, sh, shb, shtm, shx, so, tar, tarz, terminal, tgz, tool, url, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, workflow, ws, xhtml, xla, xlam, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, zi, zip, zipx`. <sup>\*</sup> You can enter any text value in the Defender portal or using the _FileTypes_ parameter in the [New-MalwareFilterPolicy](/powershell/module/exchange/new-malwarefilterpolicy) or [Set-MalwareFilterPolicy](/powershell/module/exchange/set-malwarefilterpolicy) cmdlets in Exchange Online PowerShell. |
security | Safe Attachments For Spo Odfb Teams About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about.md | appliesto: [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)] -In organizations with Microsoft Defender for Office 365, Safe Attachments for SharePoint, OneDrive, and Microsoft Teams provides an additional layer of protection against malware. After files are asynchronously scanned by the [common virus detection engine in Microsoft 365](anti-malware-protection-for-spo-odfb-teams-about.md), Safe Attachments opens files in a virtual environment to see what happens (a process known as _detonation_). Safe Attachments for SharePoint, OneDrive, and Microsoft Teams also helps detect and block existing files that are identified as malicious in team sites and document libraries. +In organizations with Microsoft Defender for Office 365, Safe Attachments for SharePoint, OneDrive, and Microsoft Teams provides an additional layer of protection against malware. After files are asynchronously scanned by the [common virus detection engine in Microsoft 365](anti-malware-protection-for-spo-odfb-teams-about.md), Safe Attachments opens files in a virtual environment to see what happens (a process known as _detonation_). As part of detonation, any password protected files are checked against a list of known passwords or patterns that are typically used by malicious actors. Safe Attachments for SharePoint, OneDrive, and Microsoft Teams also helps detect and block existing files that are identified as malicious in team sites and document libraries. Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is enabled by default. To turn it on or off, see [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](safe-attachments-for-spo-odfb-teams-configure.md). |
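
Review bot: In the defender-endpoint-plan-1-2.md hunk, the added bullet for **Microsoft Defender for Endpoint for Servers** carries the same "(*recommended for enterprise customers*)" label as the Defender for Servers Plan 1 or Plan 2 bullet above it, and the hunk deletes the NOTE that said this license "is no longer available" without saying what changed. Suggest one sentence on when an enterprise customer should choose one option over the other, and a line for customers who already acted on the removed note. The unchanged context line also reads "To learn more. see", where the period should be a comma. The defender-endpoint-plan-1.md hunk makes the same change and has the same issues.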
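
Review bot: In the mac-whatsnew.md hunk, the added paragraph says "Devices must meet the minimum requirements" without stating them or saying where in the linked article they are listed; name the requirements here or point at the section that lists them. The new link is also written as a site-absolute path (`/microsoft-365/security/defender-endpoint/network-protection-macos`) while the tamper protection link just above it uses a relative path (`built-in-protection.md`); use one style for both.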
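
Review bot: In the anti-malware-protection-about.md hunk, the corrected line fixes `dtox` to `dotx` but still lists `cab` and `jnlp`, which already appear in the default file types on the unchanged line above, so the "additional" list overlaps the default one. Drop the duplicates or say that the two lists can overlap. The default list also has `cmd,com` with no space after the comma, and the entry `zi` next to `zip, zipx` is worth confirming, since this change exists to correct a misspelled extension.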
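
Review bot: In the safe-attachments-for-spo-odfb-teams-about.md hunk, the added sentence says password protected files "are checked against a list of known passwords or patterns" but not what happens when none of them opens the file, which is the case an admin needs to know about; state whether such a file is left undetonated. "password protected" should also be hyphenated as "password-protected".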